Hi all,
We have a 3 master setup that is failing to replicate changes from a particular node to the other IPA instances. The replication status says it's all fine, however the record hasn't been changed on the other servers. We've seen this on user password changes, adding hosts and services. The only thing we've found that seems to fix this temporarily is to re-initialize from the master with the changed record. A force-sync doesn't pick up the changed record. Not sure what logs would be helpful to diagnose what is happening in this setup. # ipa-replica-manage -v list `hostname` freeipa03.mgmt.example.com: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: Error (0) Replica acquired successfully: Incremental update succeeded last update ended: 2017-06-07 14:43:53+00:00 freeipa02.mgmt.example.com: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: Error (0) Replica acquired successfully: Incremental update succeeded last update ended: 2017-06-07 14:43:53+00:00 # ldapsearch -W -x -D "cn=directory manager" -b "cn=users,cn=accounts,dc=ipa,dc=example,dc=com" "nsds5ReplConflict=*" * nsds5ReplConflict Enter LDAP Password: # extended LDIF # # LDAPv3 # base <cn=users,cn=accounts,dc=ipa,dc=example,dc=com> with scope subtree # filter: nsds5ReplConflict=* # requesting: * nsds5ReplConflict # # search result search: 2 result: 0 Success # numResponses: 1 Any help in what else can be checked or what logs would be helpful would be appreciated. Thanks Nick
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org