On 10/25/2016 04:41 PM, Günther J. Niederwimmer wrote:
Hello Ludwig,
Thanks for the answer and help,
Am Montag, 24. Oktober 2016, 14:16:23 schrieb Ludwig Krispenz:
On 10/24/2016 01:21 PM, Günther J. Niederwimmer wrote:
Am Montag, 24. Oktober 2016, 09:53:21 schrieb Ludwig Krispenz:
On 10/23/2016 03:01 PM, Günther J. Niederwimmer wrote:
I have added on my ipa (Master) Server this user and ACI with a ldif
file
This Ends with a
modifying entry "cn=users,cn=accounts,dc=example,dc=com"
these changes are not related to the errors you report below (I would be
really surprised) and you only need to apply them on one server, that's
what replication is good for.
There are a couple of different types of messages:
- failed to delete changelog record: this is from retro changelog
trimming, when miscalculation of the starting point for trimming starts
with changenumber lower than what's in the retro changelog.
In my experience this can happen after a crash/kill/reboot and should
stop after som time
OK, nothing to do ;-).
- attrlist_replace errors: looks like you have recreated a replica on a
machine and not cleaned the RUV, please see:
http://www.freeipa.org/page/Troubleshooting#Obsolete_RUV_records
I don't have add or remove a replica ? this two servers running now I mean
over three month ?
that is strange, could you perform step 1] and 2] of this recipe:
https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html
but add the option "-o ldif-wrap=no" to the ldapsearch to get the full ruv
OK.
The first is
ipa-csreplica-manage list
Directory Manager password:
ipa.example.com: master
ipa1.example.com: master
The second is:
nsDS5ReplicaId: 96
nsds50ruv: {replicageneration} 5706b1a3000000600000
nsds50ruv: {replica 96 ldap://ipa.example.com:389} 5706b1ab000000600000
580f6a5f000000600000
nsds50ruv: {replica 91 ldap://ipa1.example.com:389} 5714ad010000005b0000
575c65140005005b0000
nsds50ruv: {replica 97 ldap://ipa1.example.com:389} 5706b1bd000000610000
570803a9000000610000
you should do the same search on ipa1, it looks like you have to
replicaids: 91 and 97 for the sane server: ipa1.example.com
from the timestamps in the RUV I think you recreated the instance on
ipa1 between Apr,8th and Apr,18th and since then have this in teh RUV.
but it looks like changes on ipa1 for the o=ipaca suffix are rare (ruv
output from ipa1 would tell more) and maybe missed the error messages so
far.
I would suggest you follow the next steps in the doc abou cleaning the
no longer active replicaID from the ruv
The domain is changed !!
The last I remember I add a 3rd Party Certificate ?
but I don't found before so much Errors :-(.
Is there a possible way to check a freeIPA Installation, to find out for a
"normal" user to have a consistent System ?
- keep-alive already exists: this is also an indication of a new
replica, the keep alive entry was in the database, but the supplier
tries to send it again, this should also disappear once some real
changes from replica 4 are replicated
but now I have on the changed master this 100... Errors
[23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord:
could
not delete change record 396504 (rc: 32)
[23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord:
could
not delete change record 396505 (rc: 32)
[23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord:
could
not delete change record 396506 (rc: 32)
[23/Oct/2016:13:37:08 +0200] NSMMReplicationPlugin - replication keep
alive
entry <cn=repl keep alive 4,dc=example,dc=com> already exists
and on the replica (Master) this 1000....Errors
[23/Oct/2016:13:42:50 +0200] DSRetroclPlugin - delete_changerecord:
could
not delete change record 240846 (rc: 32)
What is wrong with my changes, or have I to add my changes also on the
Replicas ?
Thanks for a answer,
--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric
Shander
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
