On Centos 7
389-ds-base-snmp-1.3.9.1-13.el7_7.x86_64
389-ds-base-libs-1.3.9.1-13.el7_7.x86_64
389-ds-base-1.3.9.1-13.el7_7.x86_64
389-ds-base-debuginfo-1.3.9.1-13.el7_7.x86_64
On Centos 8 Stream
389-ds-base-1.4.3.23-7.module_el8.5.0+889+90e0384f.x86_64
python3-lib389-1.4.3.23-7.module_el8.5.0+889+90e0384f.noarch
389-ds-base-libs-1.4.3.23-7.module_el8.5.0+889+90e0384f.x86_64
-- Kees
On 22-11-2021 18:39, Florence Blanc-Renaud wrote:
Hi,
the error looks similar to https://github.com/389ds/389-ds-base/issues/4872
<https://github.com/389ds/389-ds-base/issues/4872>.
The CentOS 8 Streams master probably has a version of 389ds that doesn't
contain the fix, and has entryuuid plugin enabled (that generates an entryuuid
attribute). The schema failed to be replicated to the CentOS 7 server, and the
entryuuid attribute present in the entry causes replication issues.
Which versions are installed on the other replicas? You may have to disable the
entryuuid plugin or update 389ds.
flo
On Mon, Nov 22, 2021 at 3:30 PM Kees Bakker via FreeIPA-users
<freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>> wrote:
Hi,
On my Centos 7 master there was this error message
[19/Nov/2021:11:16:11.863597190 +0100] - ERR - oc_check_allowed_sv - Entry
"ipaUniqueID=b2211c08-4921-11ec-974b-509a4c9d3b10,cn=sudorules,cn=sudo,dc=example,dc=com"
-- attribute "entryuuid" not allowed
[19/Nov/2021:11:16:26.331298112 +0100] - ERR - oc_check_allowed_sv - Entry
"ipaUniqueID=b2211c08-4921-11ec-974b-509a4c9d3b10,cn=sudorules,cn=sudo,dc=example,dc=com"
-- attribute "entryuuid" not allowed
[19/Nov/2021:11:16:45.264647201 +0100] - ERR - oc_check_allowed_sv - Entry
"ipaUniqueID=b2211c08-4921-11ec-974b-509a4c9d3b10,cn=sudorules,cn=sudo,dc=example,dc=com"
-- attribute "entryuuid" not allowed
The sudorule was add via the web-GUI on a Centos 8stream master.
The replication more or less succeeded, besides this error message. However,
* checkipaconsistency reports "LDAP Conflicts" (the Centos 7 master has
count 1, the other masters have count 0)
* ipa-healthcheck reports an error too
[
{
"source": "ipahealthcheck.ds.replication",
"kw": {
"msg": "Replication conflict",
"glue": false,
"conflict": "Schema violation",
"key":
"ipaUniqueID=b2211c08-4921-11ec-974b-509a4c9d3b10,cn=sudorules,cn=sudo,dc=ghs,dc=nl"
},
"uuid": "01d364fc-e48e-44bd-9ea8-63db1e800788",
"duration": "0.001689",
"when": "20211122070012Z",
"check": "ReplicationConflictCheck",
"result": "ERROR"
}
]
Any advise how to get rid of the error messages would be greatly
appreciated.
--
Kees
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
<mailto:freeipa-users-le...@lists.fedorahosted.org>
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
<https://docs.fedoraproject.org/en-US/project/code-of-conduct/>
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
<https://fedoraproject.org/wiki/Mailing_list_guidelines>
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
<https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org>
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
<https://pagure.io/fedora-infrastructure>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
