Hi Flo,
No there are none.
All three servers report:
search: 2
result: 0 Success
On 01-07-2021 21:01, Florence Renaud wrote:
Hi Kees,
can you also check if there are replication conflict entries? On each
server:
export BASEDN=<basedn value from /etc/ipa/default.conf>
ldapsearch -D "cn=Directory Manager" -W -b $BASEDN
"(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))" \* nsds5ReplConflict
flo
On Thu, Jul 1, 2021 at 2:35 PM Rob Crittenden via FreeIPA-users
<freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>> wrote:
Kees Bakker via FreeIPA-users wrote:
> Hey,
>
> In two of my three masters I see these error messages.
>
> Jul 01 09:38:38 linge.ghs.nl <http://linge.ghs.nl>
named-pkcs11[6945]: bug in
> ldap_entry_reconstruct(): protocol violation: attempt to reconstruct
> non-existing entry
> Jul 01 09:38:38 linge.ghs.nl <http://linge.ghs.nl>
named-pkcs11[6945]: ldap_sync_search_entry
> failed: not found
>
> It also so happens that DNS is not updated on these two systems.
> We only use one master to update DNS, either via the web interface
> or via DHCP-update. These changes are correctly found in LDAP, on
> all three systems. However, the two other nameservers don't pick
> up the changes.
>
> There are no "syncrepl_update" messages in the log (after increasing
> trace level with rndc trace 10).
>
> To be honest, I don't know if the above errors are related to
the missing
> updates. I'm grasping at straws here.
> Something is seriously wrong, but what? How can I debug this
further?
>
> The two failing systems run CentOS 8 Stream. Some rpm info:
> 389-ds-base-1.4.3.16-8.module_el8.4.0+644+ed25d39e.x86_64
> ipa-server-4.9.2-3.module_el8.5.0+750+c59b186b.x86_64
I don't really do DNS but both of these messages come from
bind-dyndb-ldap, the LDAP backend for bind.
There is slightly more syncrepl logging at level 20, but only
slightly more.
rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
To unsubscribe send an email to
freeipa-users-le...@lists.fedorahosted.org
<mailto:freeipa-users-le...@lists.fedorahosted.org>
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
<https://docs.fedoraproject.org/en-US/project/code-of-conduct/>
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
<https://fedoraproject.org/wiki/Mailing_list_guidelines>
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
<https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org>
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
<https://pagure.io/fedora-infrastructure>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
