<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=koi8-r">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Arial Narrow";
panose-1:2 11 6 6 2 2 2 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Текст выноски Знак";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:EN-US;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.a
{mso-style-name:"Текст выноски Знак";
mso-style-priority:99;
mso-style-link:"Текст выноски";
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:EN-US;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="RU" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">One example of duplicate:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">krbprincipalname=HTTP/nw-rhidm02.unix.megafon.ru@UNIX.MEGAFON.RU+nsuniqueid=5a726d95-0e9611e5-8418a085-d3870578,cn=services,cn=accounts,dc=unix,dc=megafon,dc=ru<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">the original one:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">krbprincipalname=HTTP/nw-rhidm02.unix.megafon.ru@UNIX.MEGAFON.RU,cn=services,cn=accounts,dc=unix,dc=megafon,dc=ru<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">On three servers placed on one site we have such duplicates.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">On all other servers we have only record with normal name, with content of record, which have “+nsuniqueid=5a726d95-0e9611e5-8418a085-d3870578” on affected servers.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Plus we have one record with no original one, only name with +nsuniqueid, and no such record on all other servers.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Arial Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU">WBR,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Arial Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU">Alexander Frolushkin<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Arial Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU">Cell +79232508764<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Arial Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU">Work +79232507764<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU"> Ludwig
Krispenz [mailto:lkrispen@redhat.com] <br>
<b>Sent:</b> Tuesday, June 16, 2015 5:30 PM<br>
<b>To:</b> Alexander Frolushkin (SIB)<br>
<b>Cc:</b> freeipa-users@redhat.com<br>
<b>Subject:</b> Re: [Freeipa-users] replication conflicts<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 06/16/2015 12:44 PM, Alexander Frolushkin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">It looks like our duplicates have some “internal” source, it source is not a client system, but one of our IPA servers.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU">to get these kind of conflict two servers have to be involved<br>
if you say internal source, what kind of entries are affected ? do you mean these entries are created internally on server by a plugin ?<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Is it possible to get such duplicate records in combination of replication “multipath” and some clock skew (it is not ideally synchronized because of very big distances between sites)?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU">the clock skew should have no effect, the replication protocol additinally manages it own time used in genratio of CSNs and tries to synchronize
time, it could affect the oreder changes are applied during replication, but for these conflicts there have to be two independent ADDs
<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt">WBR,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Alexander Frolushkin</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Cell +79232508764</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Work +79232507764</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
<a href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a> [<a href="mailto:freeipa-users-bounces@redhat.com">mailto:freeipa-users-bounces@redhat.com</a>]
<b>On Behalf Of </b>Ludwig Krispenz<br>
<b>Sent:</b> Tuesday, June 16, 2015 3:52 PM<br>
<b>To:</b> <a href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] replication conflicts</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 06/16/2015 11:42 AM, Alexander Frolushkin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US">Hello.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Just to remind if somebody still not familiar with our IPA installation
</span><span lang="EN-US" style="font-family:Wingdings">J</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">We currently have 18 IPA servers in domain, on 8 sites in different regions across the Russia.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">And now, our new problem.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Regularly we getting a nsds5ReplConflict records on some of our servers, very often on servers from specific site. Usually it is simply a doubles and we can remove the renamed change to get everything back. But why do
we have them at all?</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">May be someone could explain, how we can detect the cause of this replication conflicts?</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt">if you are talking about having two "duplicate" entries,
<br>
one: uid=xxxxx,<suffix><br>
one: nsuniqueid=nnnnnnnn+uid=xxxxx,<suffix><br>
<br>
these entries appear if the entry uid=xxxxx was added, simultaneously, on two servers. I think this can happen if a client tries to add an entry and if it doesn't get a response in some time retries on another server.<br>
to find out which client this is you need to check on which servers the entries were originally added and then see which client was doing it<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Sometime it is moderately harmful, because, for example HBAC stops working on specific server while doubles still present.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Thanks in forward…</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">WBR,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Alexander Frolushkin</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Cell +79232508764</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Work +79232507764</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:12.0pt">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><span style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:RU"><br>
Информация в этом сообщении предназначена исключительно для конкретных лиц, которым она адресована. В сообщении может содержаться конфиденциальная информация, которая не может быть раскрыта или использована кем-либо, кроме адресатов. Если вы не адресат этого
сообщения, то использование, переадресация, копирование или распространение содержания сообщения или его части незаконно и запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно сообщите отправителю об этом и удалите со всем содержимым
само сообщение и любые возможные его копии и приложения.<br>
<br>
The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. The contents may not be disclosed
or used by anyone other than the addressee. If you are not the intended recipient(s), any use, disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you have received this communication
in error please notify us immediately by responding to this email and then delete the e-mail and all attachments and any copies thereof.<br>
<br>
(c)20mf50<br>
</span><span style="font-size:12.0pt"><br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU"><o:p> </o:p></span></p>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><span style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:RU"><br>
Информация в этом сообщении предназначена исключительно для конкретных лиц, которым она адресована. В сообщении может содержаться конфиденциальная информация, которая не может быть раскрыта или использована кем-либо, кроме адресатов. Если вы не адресат этого
сообщения, то использование, переадресация, копирование или распространение содержания сообщения или его части незаконно и запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно сообщите отправителю об этом и удалите со всем содержимым
само сообщение и любые возможные его копии и приложения.<br>
<br>
The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. The contents may not be disclosed
or used by anyone other than the addressee. If you are not the intended recipient(s), any use, disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you have received this communication
in error please notify us immediately by responding to this email and then delete the e-mail and all attachments and any copies thereof.<br>
<br>
(c)20mf50</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU"><o:p> </o:p></span></p>
</div>
<br>
<hr>
<font face="Arial" color="Gray" size="1"><br>
Информация в этом сообщении предназначена исключительно для конкретных лиц, которым она адресована. В сообщении может содержаться конфиденциальная информация, которая не может быть раскрыта или использована кем-либо, кроме адресатов. Если вы не адресат этого
сообщения, то использование, переадресация, копирование или распространение содержания сообщения или его части незаконно и запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно сообщите отправителю об этом и удалите со всем содержимым
само сообщение и любые возможные его копии и приложения.<br>
<br>
The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. The contents may not be disclosed
or used by anyone other than the addressee. If you are not the intended recipient(s), any use, disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you have received this communication
in error please notify us immediately by responding to this email and then delete the e-mail and all attachments and any copies thereof.<br>
<br>
(c)20mf50<br>
</font>
</body>
</html>