Kees Bakker via FreeIPA-users wrote: > Hey, > > In two of my three masters I see these error messages. > > Jul 01 09:38:38 linge.ghs.nl named-pkcs11[6945]: bug in > ldap_entry_reconstruct(): protocol violation: attempt to reconstruct > non-existing entry > Jul 01 09:38:38 linge.ghs.nl named-pkcs11[6945]: ldap_sync_search_entry > failed: not found > > It also so happens that DNS is not updated on these two systems. > We only use one master to update DNS, either via the web interface > or via DHCP-update. These changes are correctly found in LDAP, on > all three systems. However, the two other nameservers don't pick > up the changes. > > There are no "syncrepl_update" messages in the log (after increasing > trace level with rndc trace 10). > > To be honest, I don't know if the above errors are related to the missing > updates. I'm grasping at straws here. > Something is seriously wrong, but what? How can I debug this further? > > The two failing systems run CentOS 8 Stream. Some rpm info: > 389-ds-base-1.4.3.16-8.module_el8.4.0+644+ed25d39e.x86_64 > ipa-server-4.9.2-3.module_el8.5.0+750+c59b186b.x86_64
I don't really do DNS but both of these messages come from bind-dyndb-ldap, the LDAP backend for bind. There is slightly more syncrepl logging at level 20, but only slightly more. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure