[Freeipa-users] 389-DS crashed
Rich Megginson
rmeggins at redhat.com
Thu Jun 23 15:31:13 UTC 2011
On 06/23/2011 09:06 AM, Rich Megginson wrote:
> On 06/23/2011 08:02 AM, Attila Bogár wrote:
>> Hi,
>>
>> I deleted more than 50 users from AD and expected IPA to do the same.
>> However the EXAMPLE-COM 389-ds instance just crashed and I can't
>> start it anymore.
>>
>> Could you please help with this issue?
>>
>> The error logging is set to REPL|PLUGIN.
>> I can see the following in error log:
>>
>> tail /var/log/dirsrv/slapd-EXAMPLE-COM/errors
>>
>> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.win.example.com" (dc1:389): map_entry_dn_outbound:
>> looking for AD entry for DS
>> dn="uid=mtf,cn=users,cn=accounts,dc=example,dc=com"
>> guid="cc62cd9765c139458d9a21fdddf50eae"
>> [23/Jun/2011:14:55:51 +0100] - Calling windows entry search request
>> plugin
>> [23/Jun/2011:14:55:51 +0100] ipa-winsync - -->
>> ipa_winsync_pre_ad_search_cb -- begin
>> [23/Jun/2011:14:55:51 +0100] ipa-winsync - <--
>> ipa_winsync_pre_ad_search_cb -- end
>> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin - Could not
>> retrieve entry from Windows using search base
>> [<GUID=cc62cd9765c139458d9a21fdddf50eae>] scope [0] filter
>> [(objectclass=*)]: error 32:No such object
>> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.win.example.com" (dc1:389): map_entry_dn_outbound:
>> return code -1 from search for AD entry
>> dn="<GUID=cc62cd9765c139458d9a21fdddf50eae>" or dn="(null)"
>> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.win.example.com" (dc1:389): map_entry_dn_outbound:
>> entry not found - rc -1
>> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.win.example.com" (dc1:389): windows_replay_update:
>> Processing modify operation local
>> dn="uid=mtf,cn=users,cn=accounts,dc=example,dc=com" remote
>> dn="<GUID=cc62cd9765c139458d9a21fdddf50eae>"
>> [23/Jun/2011:14:55:51 +0100] ipa-winsync - -->
>> ipa_winsync_pre_ad_mod_user_mods_cb -- begin
>> [23/Jun/2011:14:55:51 +0100] ipa-winsync - <-- ipa_check_account_lock
>> - entry [uid=mtf,cn=users,cn=accounts,dc=example,dc=com] has real
>> attribute nsAccountLock and entry is locked
> Does the user mtf exist in AD?
Looks like something happens to the mtf user - it's there, then it's not:
[23/Jun/2011:14:46:15 +0100] NSMMReplicationPlugin -
agmt="cn=meTodc1.win.linguamatics.com" (dc1:389): map_entry_dn_outbound:
return code 0 from search for AD entry
dn="<GUID=cc62cd9765c139458d9a21fdddf50eae>" or dn="CN=Matt
Francomb,CN=ipa,DC=win,DC=linguamatics,DC=com"
[23/Jun/2011:14:46:15 +0100] NSMMReplicationPlugin -
agmt="cn=meTodc1.win.linguamatics.com" (dc1:389): windows_replay_update:
Processing modify operation local
dn="uid=mtf,cn=users,cn=accounts,dc=linguamatics,dc=com" remote
dn="<GUID=cc62cd9765c139458d9a21fdddf50eae>"
then the next time this entry comes up:
[23/Jun/2011:14:46:18 +0100] NSMMReplicationPlugin -
agmt="cn=meTodc1.win.linguamatics.com" (dc1:389): map_entry_dn_outbound:
looking for AD entry for DS
dn="uid=mtf,cn=users,cn=accounts,dc=linguamatics,dc=com"
guid="cc62cd9765c139458d9a21fdddf50eae"
[23/Jun/2011:14:46:18 +0100] NSMMReplicationPlugin -
agmt="cn=meTodc1.win.linguamatics.com" (dc1:389): map_entry_dn_outbound:
return code -1 from search for AD entry
dn="<GUID=cc62cd9765c139458d9a21fdddf50eae>" or dn="(null)"
[23/Jun/2011:14:46:18 +0100] NSMMReplicationPlugin -
agmt="cn=meTodc1.win.linguamatics.com" (dc1:389): map_entry_dn_outbound:
entry not found - rc -1
Is it possible this entry was deleted from AD between
23/Jun/2011:14:46:15 and 23/Jun/2011:14:46:18 ?
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
More information about the Freeipa-users
mailing list