A replica agreement binding with GSSAPI may get initial failure to bind while the KDC is getting up.
In such case replica agreement status is a generic "Problem connecting to replica"
It would be interesting in case of failure in the first attempts to bind (GSSAPI) to either log a less scary status or retry after a short delay.
all
1.install master-replica with a kdc that is slow to startup 2. 3.
If KDC is not startup at the time of the first bind, we get ""Problem connecting to replica"
Possibly get something like: ""Problem connecting to replica possibly a transient failure..." Then if it fails more than 2 times then set ""Problem connecting to replica"
It is expected in 7.5 for better support
Metadata Update from @tbordaz: - Custom field origin adjusted to IPA - Custom field type adjusted to defect
This is purely an IPA issue: The KDC depends on LDAP, and LDAP repl relies on the KDC. This chicken and egg issue can not be resolved I don't think, so we just have to cop the failure.
@firstyear Not sure it is chicken and egg. KDC slow startup exists independently of existence of replication agreements. I think the interest of the ticket is for administration. Would it help an administrator to know that "problem of connection" is a red flag and "Temporary problem of connection" an orange flag that can later turn to red. ?
Metadata Update from @mreynolds: - Issue set to the milestone: 1.3.7.0
Metadata Update from @mreynolds: - Custom field reviewstatus adjusted to None - Issue set to the milestone: 1.4.2 (was: 1.3.7.0)
Metadata Update from @vashirov: - Issue set to the milestone: 1.4.4 (was: 1.4.2)
Login to comment on this ticket.