[Freeipa-users] Replica not syncing 'memberOf' attributes

Dan Scott danieljamesscott at gmail.com
Wed Oct 6 18:28:11 UTC 2010 

Hi,

On Wed, Oct 6, 2010 at 11:32, Simo Sorce <ssorce at redhat.com> wrote:
> On Wed, 6 Oct 2010 10:26:48 -0400
> Dan Scott <danieljamesscott at gmail.com> wrote:
>
>> Hi,
>>
>> I have master and slave FreeIPA servers. I recently upgraded the slave
>> by wiping, re-installing Fedora 13 and re-creating the replication
>> using ipa-replica-prepare and ipa-replica-install.
>>
>> For some reason, the slave is having difficulty replicating the
>> memberOf attribute. I can attach an LDAP viewer to the replica, and
>> view the schema, but the memberOf attributes are missing. Also, the
>> master server contains the lines:
>>
>> - Entry "cn=admins,cn=groups,cn=accounts,dc=example,dc=com" --
>> attribute "memberOf" not allowed
>> NSMMReplicationPlugin - repl_set_mtn_referrals: could not set
>> referrals for replica dc=example,dc=com: 20
>> NSMMReplicationPlugin - replica_reload_ruv: Warning: new data for
>> replica dc=example,dc=com does not match the data in the changelog.
>>  Recreating the changelog file. This could affect replication with
>> replica's  consumers in which case the consumers should be
>> reinitialized.
>> [06/Oct/2010:09:58:33 -0400] - skipping cos definition cn=account
>> inactivation,cn=accounts,dc=example,dc=com--no templates found
>>
>> The rest of the replication appears to be working correctly (as far as
>> I can tell).
>>
>> I have tried using ipa-replica-manage init and synch to try to fix the
>> replication, but I suspect this has something to do with the schema
>> definition.
>>
>> Does anyone have any pointers/ideas for how I can fix this?
>
> Dan, the memberof attribute is explicitly not replicated, and should be
> simply re-generated on the receiving replica when "member" attributes
> are replicated.

So does this imply that there is some corruption in the schema on the
replica server?

> Are the IPA versions on the master and the replica the same ?

They are both the same version: ipa-server-1.2.2-4.fc13.x86_64

Thanks,

Dan Scott

More information about the Freeipa-users mailing list