Hello Ludwig, Thanks for the answer and help,
Am Montag, 24. Oktober 2016, 14:16:23 schrieb Ludwig Krispenz: > On 10/24/2016 01:21 PM, Günther J. Niederwimmer wrote: > > Am Montag, 24. Oktober 2016, 09:53:21 schrieb Ludwig Krispenz: > >> On 10/23/2016 03:01 PM, Günther J. Niederwimmer wrote: > >>> I have added on my ipa (Master) Server this user and ACI with a ldif > >>> file > >>> > >>> This Ends with a > >>> modifying entry "cn=users,cn=accounts,dc=example,dc=com" > >> > >> these changes are not related to the errors you report below (I would be > >> really surprised) and you only need to apply them on one server, that's > >> what replication is good for. > >> > >> There are a couple of different types of messages: > >> - failed to delete changelog record: this is from retro changelog > >> trimming, when miscalculation of the starting point for trimming starts > >> with changenumber lower than what's in the retro changelog. > >> In my experience this can happen after a crash/kill/reboot and should > >> stop after som time > > > > OK, nothing to do ;-). > > > >> - attrlist_replace errors: looks like you have recreated a replica on a > >> machine and not cleaned the RUV, please see: > >> http://www.freeipa.org/page/Troubleshooting#Obsolete_RUV_records > > > > I don't have add or remove a replica ? this two servers running now I mean > > over three month ? > > that is strange, could you perform step 1] and 2] of this recipe: > https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html > but add the option "-o ldif-wrap=no" to the ldapsearch to get the full ruv OK. The first is ipa-csreplica-manage list Directory Manager password: ipa.example.com: master ipa1.example.com: master The second is: nsDS5ReplicaId: 96 nsds50ruv: {replicageneration} 5706b1a3000000600000 nsds50ruv: {replica 96 ldap://ipa.example.com:389} 5706b1ab000000600000 580f6a5f000000600000 nsds50ruv: {replica 91 ldap://ipa1.example.com:389} 5714ad010000005b0000 575c65140005005b0000 nsds50ruv: {replica 97 ldap://ipa1.example.com:389} 5706b1bd000000610000 570803a9000000610000 The domain is changed !! > > The last I remember I add a 3rd Party Certificate ? > > > > but I don't found before so much Errors :-(. > > > > Is there a possible way to check a freeIPA Installation, to find out for a > > "normal" user to have a consistent System ? > > > >> - keep-alive already exists: this is also an indication of a new > >> replica, the keep alive entry was in the database, but the supplier > >> tries to send it again, this should also disappear once some real > >> changes from replica 4 are replicated > >> > >>> but now I have on the changed master this 100... Errors > >>> > >>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: > >>> could > >>> not delete change record 396504 (rc: 32) > >>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: > >>> could > >>> not delete change record 396505 (rc: 32) > >>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: > >>> could > >>> not delete change record 396506 (rc: 32) > >>> [23/Oct/2016:13:37:08 +0200] NSMMReplicationPlugin - replication keep > >>> alive > >>> entry <cn=repl keep alive 4,dc=example,dc=com> already exists > >>> > >>> and on the replica (Master) this 1000....Errors > >>> > >>> [23/Oct/2016:13:42:50 +0200] DSRetroclPlugin - delete_changerecord: > >>> could > >>> not delete change record 240846 (rc: 32) > >>> What is wrong with my changes, or have I to add my changes also on the > >>> Replicas ? > >>> > >>> Thanks for a answer, -- mit freundlichen Grüßen / best regards, Günther J. Niederwimmer -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project