[Freeipa-users] FreeIPA password sync one direction only (Windows DC -> IPA)
Rich Megginson
rmeggins at redhat.com
Tue May 21 22:08:07 UTC 2013
On 05/21/2013 03:48 PM, Steve Dainard wrote:
> Thanks Rich, appreciate the help.
>
> I've answered inline some of your questions but I think I can answer
> most of your questions by showing the entire process I followed
> (passwords have been replaced by '...'):
>
>
> [root at ipa1 ~]# ipa-server-install --setup-dns -p '...' -a '...' -r
> MIOVISION.LINUX -n miovision.linux --hostname ipa1.miovision.linux
>
> The log file for this installation can be found in
> /var/log/ipaserver-install.log
> ==============================================================================
> This program will set up the IPA Server.
>
> This includes:
> * Configure a stand-alone CA (dogtag) for certificate management
> * Configure the Network Time Daemon (ntpd)
> * Create and configure an instance of Directory Server
> * Create and configure a Kerberos Key Distribution Center (KDC)
> * Configure Apache (httpd)
> * Configure DNS (bind)
>
> To accept the default shown in brackets, press the Enter key.
>
> Existing BIND configuration detected, overwrite? [no]: yes
> Enter the fully qualified domain name of the computer
> on which you're setting up server software. Using the form
> <hostname>.<domainname>
> Example: master.example.com <http://master.example.com>.
>
>
> Server host name [ipa1.miovision.linux]:
>
> Warning: skipping DNS resolution of host ipa1.miovision.linux
> Unable to resolve IP address for host name
> Please provide the IP address to be used for this host name: 10.0.6.3
> Adding [10.0.6.3 ipa1.miovision.linux] to your /etc/hosts file
> Do you want to configure DNS forwarders? [yes]:
> Enter the IP address of DNS forwarder to use, or press Enter to finish.
> Enter IP address for a DNS forwarder: 10.0.0.2
> DNS forwarder 10.0.0.2 added
> Enter IP address for a DNS forwarder: 10.0.0.5
> DNS forwarder 10.0.0.5 added
> Enter IP address for a DNS forwarder:
> Do you want to configure the reverse zone? [yes]:
> Please specify the reverse zone name [6.0.10.in-addr.arpa.]:
> Using reverse zone 6.0.10.in-addr.arpa.
>
> The IPA Master Server will be configured with:
> Hostname: ipa1.miovision.linux
> IP address: 10.0.6.3
> Domain name: miovision.linux
> Realm name: MIOVISION.LINUX
>
> BIND DNS server will be configured to serve IPA domain with:
> Forwarders: 10.0.0.2, 10.0.0.5
> Reverse zone: 6.0.10.in-addr.arpa.
>
> Continue to configure the system with these values? [no]: yes
>
> The following operations may take some minutes to complete.
> Please wait until the prompt is returned.
>
> Configuring NTP daemon (ntpd)
> [1/4]: stopping ntpd
> [2/4]: writing configuration
> [3/4]: configuring ntpd to start on boot
> [4/4]: starting ntpd
> Done configuring NTP daemon (ntpd).
> Configuring directory server for the CA (pkids): Estimated time 30 seconds
> [1/3]: creating directory server user
> [2/3]: creating directory server instance
> [3/3]: restarting directory server
> Done configuring directory server for the CA (pkids).
> Configuring certificate server (pki-cad): Estimated time 3 minutes 30
> seconds
> [1/21]: creating certificate server user
> [2/21]: creating pki-ca instance
> [3/21]: configuring certificate server instance
> [4/21]: disabling nonces
> [5/21]: creating CA agent PKCS#12 file in /root
> [6/21]: creating RA agent certificate database
> [7/21]: importing CA chain to RA certificate database
> [8/21]: fixing RA database permissions
> [9/21]: setting up signing cert profile
> [10/21]: set up CRL publishing
> [11/21]: set certificate subject base
> [12/21]: enabling Subject Key Identifier
> [13/21]: setting audit signing renewal to 2 years
> [14/21]: configuring certificate server to start on boot
> [15/21]: restarting certificate server
> [16/21]: requesting RA certificate from CA
> [17/21]: issuing RA agent certificate
> [18/21]: adding RA agent as a trusted user
> [19/21]: configure certificate renewals
> [20/21]: configure Server-Cert certificate renewal
> [21/21]: Configure HTTP to proxy connections
> Done configuring certificate server (pki-cad).
> Configuring directory server (dirsrv): Estimated time 1 minute
> [1/38]: creating directory server user
> [2/38]: creating directory server instance
> [3/38]: adding default schema
> [4/38]: enabling memberof plugin
> [5/38]: enabling winsync plugin
> [6/38]: configuring replication version plugin
> [7/38]: enabling IPA enrollment plugin
> [8/38]: enabling ldapi
> [9/38]: disabling betxn plugins
> [10/38]: configuring uniqueness plugin
> [11/38]: configuring uuid plugin
> [12/38]: configuring modrdn plugin
> [13/38]: enabling entryUSN plugin
> [14/38]: configuring lockout plugin
> [15/38]: creating indices
> [16/38]: enabling referential integrity plugin
> [17/38]: configuring ssl for ds instance
> [18/38]: configuring certmap.conf
> [19/38]: configure autobind for root
> [20/38]: configure new location for managed entries
> [21/38]: restarting directory server
> [22/38]: adding default layout
> [23/38]: adding delegation layout
> [24/38]: adding replication acis
> [25/38]: creating container for managed entries
> [26/38]: configuring user private groups
> [27/38]: configuring netgroups from hostgroups
> [28/38]: creating default Sudo bind user
> [29/38]: creating default Auto Member layout
> [30/38]: adding range check plugin
> [31/38]: creating default HBAC rule allow_all
> [32/38]: Upload CA cert to the directory
> [33/38]: initializing group membership
> [34/38]: adding master entry
> [35/38]: configuring Posix uid/gid generation
> [36/38]: enabling compatibility plugin
> [37/38]: tuning directory server
> [38/38]: configuring directory to start on boot
> Done configuring directory server (dirsrv).
> Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds
> [1/10]: adding sasl mappings to the directory
> [2/10]: adding kerberos container to the directory
> [3/10]: configuring KDC
> [4/10]: initialize kerberos container
> [5/10]: adding default ACIs
> [6/10]: creating a keytab for the directory
> [7/10]: creating a keytab for the machine
> [8/10]: adding the password extension to the directory
> [9/10]: starting the KDC
> [10/10]: configuring KDC to start on boot
> Done configuring Kerberos KDC (krb5kdc).
> Configuring kadmin
> [1/2]: starting kadmin
> [2/2]: configuring kadmin to start on boot
> Done configuring kadmin.
> Configuring ipa_memcached
> [1/2]: starting ipa_memcached
> [2/2]: configuring ipa_memcached to start on boot
> Done configuring ipa_memcached.
> Configuring the web interface (httpd): Estimated time 1 minute
> [1/13]: setting mod_nss port to 443
> [2/13]: setting mod_nss password file
> [3/13]: enabling mod_nss renegotiate
> [4/13]: adding URL rewriting rules
> [5/13]: configuring httpd
> [6/13]: setting up ssl
> [7/13]: setting up browser autoconfig
> [8/13]: publish CA cert
> [9/13]: creating a keytab for httpd
> [10/13]: clean up any existing httpd ccache
> [11/13]: configuring SELinux for httpd
> [12/13]: restarting httpd
> [13/13]: configuring httpd to start on boot
> Done configuring the web interface (httpd).
> Applying LDAP updates
> Restarting the directory server
> Restarting the KDC
> Configuring DNS (named)
> [1/9]: adding DNS container
> [2/9]: setting up our zone
> [3/9]: setting up reverse zone
> [4/9]: setting up our own record
> [5/9]: setting up kerberos principal
> [6/9]: setting up named.conf
> [7/9]: restarting named
> [8/9]: configuring named to start on boot
> [9/9]: changing resolv.conf to point to ourselves
> Done configuring DNS (named).
>
> Global DNS configuration in LDAP server is empty
> You can use 'dnsconfig-mod' command to set global DNS options that
> would override settings in local named.conf files
>
> Restarting the web server
> ==============================================================================
> Setup complete
>
> ...
>
>
> [root at ipa1 openldap]# ipa-replica-manage connect --winsync --binddn
> cn=administrator,cn=users,dc=miovision,dc=corp --bindpw '...'
> --passsync '...' --cacert /etc/openldap/cacerts/miovision.ca.cer
> dc1.miovision.corp -v
> Directory Manager password:
Why not just specify --win-subtree="CN=Shared
Login,CN=users,DC=miovision,DC=corp" here?
>
> Added CA certificate /etc/openldap/cacerts/miovision.ca.cer to
> certificate database for ipa1.miovision.linux
> ipa: INFO: AD Suffix is: DC=miovision,DC=corp
> The user for the Windows PassSync service is
> uid=passsync,cn=sysaccounts,cn=etc,dc=miovision,dc=linux
> ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
> ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica
> acquired successfully: Incremental update started: start: 0: end: 0
> ipa: INFO: Agreement is ready, starting replication . . .
> Starting replication, please wait until this has completed.
> Update in progress
> Update in progress
> Update succeeded
> Connected 'ipa1.miovision.linux' to 'dc1.miovision.corp'
>
> [root at ipa1 openldap]# ldapsearch -xLLL -D "cn=directory manager" -W -p
> 389 -h ipa1.miovision.corp -b cn=config
> objectclass=nsdswindowsreplicationagreement dn nsds7WindowsReplicaSubtree
> Enter LDAP Password:
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
This is very strange. Do you have any core files in
/var/log/dirsrv/slapd-*? Do you have any abrt crash reports? Do you
see "Disorderly Shutdown" in /var/log/dirsrv/slapd-*/errors.*?
>
>
> [root at ipa1 openldap]# /etc/init.d/dirsrv status
> dirsrv MIOVISION-LINUX dead but pid file exists
> dirsrv PKI-IPA dead but pid file exists
> [root at ipa1 openldap]# /etc/init.d/dirsrv start
> Starting dirsrv:
> MIOVISION-LINUX.../etc/init.d/dirsrv: line 181: kill: (4785) - No
> such process
> not running, but pid file exists
> MIOVISION-LINUX... attempting to start anyway [ OK ]
> PKI-IPA.../etc/init.d/dirsrv: line 181: kill: (4853) - No such process
> not running, but pid file exists
> PKI-IPA... attempting to start anyway [ OK ]
> [root at ipa1 openldap]# /etc/init.d/dirsrv status
> dirsrv MIOVISION-LINUX (pid 5252) is running...
> dirsrv PKI-IPA (pid 5329) is running...
>
>
> [root at ipa1 openldap]# ldapsearch -xLLL -D "cn=directory manager" -W -p
> 389 -h ipa1.miovision.corp -b cn=config
> objectclass=nsdswindowsreplicationagreement dn nsds7WindowsReplicaSubtree
> Enter LDAP Password:
> dn:
> cn=meTodc1.miovision.corp,cn=replica,cn=dc\3Dmiovision\2Cdc\3Dlinux,cn=map
> ping tree,cn=config
> nsds7WindowsReplicaSubtree: cn=Users,DC=miovision,DC=corp
>
> [root at ipa1 openldap]# ldapmodify -x -D "cn=directory manager" -W -p
> 389 -h ipa1.miovision.linux <<EOF
> > dn:
> cn=meTodc1.miovision.corp,cn=replica,cn=dc\3Dmiovision\2Cdc\3Dlinux,cn=mapping
> tree,cn=config
> > changetype: modify
> > replace: nsds7WindowsReplicaSubtree
> > nsds7WindowsReplicaSubtree: CN=Shared
> Login,CN=users,DC=miovision,DC=corp
> > EOF
> Enter LDAP Password:
> modifying entry
> "cn=meTodc1.miovision.corp,cn=replica,cn=dc\3Dmiovision\2Cdc\3Dlinux,cn=mapping
> tree,cn=config"
>
> [root at ipa1 openldap]# ldapsearch -xLLL -D "cn=directory manager" -W -p
> 389 -h ipa1.miovision.corp -b cn=config
> objectclass=nsdswindowsreplicationagreement dn nsds7WindowsReplicaSubtree
> Enter LDAP Password:
> dn:
> cn=meTodc1.miovision.corp,cn=replica,cn=dc\3Dmiovision\2Cdc\3Dlinux,cn=map
> ping tree,cn=config
> nsds7WindowsReplicaSubtree: CN=Shared Login,CD=users,DC=miovision,DC=corp
>
>
> [root at ipa1 openldap]# screen ipa-replica-manage re-initialize --from
> dc1.miovision.corp
> Update in progress
> Update in progress
> Update in progress
> Update in progress
> Update in progress
> .....
Ok. This appears to be hanging somewhere. Will need to get more
information.
First, install the debuginfo packages
debuginfo-install 389-ds-base ipa-server
install gdb
yum install gdb
Then run gdb like this:
gdb -ex 'set confirm off' -ex 'set pagination off' -ex 'thread apply all bt full' -ex 'quit' /usr/sbin/ns-slapd `pidof ns-slapd` > stacktrace.`date +%s`.txt 2>&1
>
> *****************************************************************
>
> [root at ipa1 slapd-MIOVISION-LINUX]# pstack 5252
>
> Thread 43 (Thread 0x7fd38dcc7700 (LWP 5255)):
> #0 0x00007fd39a6ff4f3 in select () from /lib64/libc.so.6
> #1 0x00007fd39cc05679 in DS_Sleep () from /usr/lib64/dirsrv/libslapd.so.0
> #2 0x00007fd3921d8d27 in ?? () from
> /usr/lib64/dirsrv/plugins/libback-ldbm.so
> #3 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #4 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #5 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 42 (Thread 0x7fd38d2c6700 (LWP 5256)):
> #0 0x00007fd39a6ff4f3 in select () from /lib64/libc.so.6
> #1 0x00007fd39cc05679 in DS_Sleep () from /usr/lib64/dirsrv/libslapd.so.0
> #2 0x00007fd3921d9177 in ?? () from
> /usr/lib64/dirsrv/plugins/libback-ldbm.so
> #3 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #4 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #5 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 41 (Thread 0x7fd38c8c5700 (LWP 5257)):
> #0 0x00007fd39a6ff4f3 in select () from /lib64/libc.so.6
> #1 0x00007fd39cc05679 in DS_Sleep () from /usr/lib64/dirsrv/libslapd.so.0
> #2 0x00007fd3921d8f87 in ?? () from
> /usr/lib64/dirsrv/plugins/libback-ldbm.so
> #3 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #4 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #5 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 40 (Thread 0x7fd38bec4700 (LWP 5258)):
> #0 0x00007fd39a6ff4f3 in select () from /lib64/libc.so.6
> #1 0x00007fd39cc05679 in DS_Sleep () from /usr/lib64/dirsrv/libslapd.so.0
> #2 0x00007fd3921d9617 in ?? () from
> /usr/lib64/dirsrv/plugins/libback-ldbm.so
> #3 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #4 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #5 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 39 (Thread 0x7fd38b4c3700 (LWP 5259)):
> #0 0x00007fd39a9bc43c in pthread_cond_wait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00fe7e in PR_WaitCondVar () from /lib64/libnspr4.so
> #2 0x00007fd39cbf94eb in slapi_wait_condvar () from
> /usr/lib64/dirsrv/libslapd.so.0
> #3 0x00007fd393ca0f2e in ?? () from
> /usr/lib64/dirsrv/plugins/libcos-plugin.so
> #4 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #5 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #6 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 38 (Thread 0x7fd39cfbf700 (LWP 5260)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x00007fd391f47c57 in ?? () from
> /usr/lib64/dirsrv/plugins/libreplication-plugin.so
> #4 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #5 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #6 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 37 (Thread 0x7fd38aac2700 (LWP 5261)):
> #0 0x00007fd39cb99e5c in slapi_sdn_done () from
> /usr/lib64/dirsrv/libslapd.so.0
> #1 0x00007fd391f841b2 in ?? () from
> /usr/lib64/dirsrv/plugins/libreplication-plugin.so
> #2 0x00007fd391f843ac in ?? () from
> /usr/lib64/dirsrv/plugins/libreplication-plugin.so
> #3 0x00007fd391f88395 in windows_dirsync_inc_run () from
> /usr/lib64/dirsrv/plugins/libreplication-plugin.so
> #4 0x00007fd391f8d63d in ?? () from
> /usr/lib64/dirsrv/plugins/libreplication-plugin.so
> #5 0x00007fd391f61c2a in ?? () from
> /usr/lib64/dirsrv/plugins/libreplication-plugin.so
> #6 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #7 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #8 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 36 (Thread 0x7fd38a0c1700 (LWP 5262)):
> #0 0x00007fd39a9bc43c in pthread_cond_wait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00fe7e in PR_WaitCondVar () from /lib64/libnspr4.so
> #2 0x00007fd39cbf94eb in slapi_wait_condvar () from
> /usr/lib64/dirsrv/libslapd.so.0
> #3 0x00007fd3908ad1df in ?? () from
> /usr/lib64/dirsrv/plugins/libroles-plugin.so
> #4 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #5 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #6 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 35 (Thread 0x7fd3896c0700 (LWP 5263)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x000000000041b2b3 in ?? ()
> #4 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #5 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #6 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 34 (Thread 0x7fd388cbf700 (LWP 5264)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x00007fd39cbaab87 in ?? () from /usr/lib64/dirsrv/libslapd.so.0
> #4 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #5 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #6 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 33 (Thread 0x7fd37bd8e700 (LWP 5265)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 32 (Thread 0x7fd37b38d700 (LWP 5266)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 31 (Thread 0x7fd37a98c700 (LWP 5267)):
> #0 0x00007fd39a6fd253 in poll () from /lib64/libc.so.6
> #1 0x00007fd39b01189f in ?? () from /lib64/libnspr4.so
> #2 0x0000000000412cf1 in ?? ()
> #3 0x00000000004137c0 in ?? ()
> #4 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #5 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #6 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 30 (Thread 0x7fd379f8b700 (LWP 5268)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 29 (Thread 0x7fd37958a700 (LWP 5269)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 28 (Thread 0x7fd378b89700 (LWP 5270)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 27 (Thread 0x7fd373fff700 (LWP 5271)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 26 (Thread 0x7fd3735fe700 (LWP 5272)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 25 (Thread 0x7fd372bfd700 (LWP 5273)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 24 (Thread 0x7fd3721fc700 (LWP 5274)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 23 (Thread 0x7fd3717fb700 (LWP 5275)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 22 (Thread 0x7fd370dfa700 (LWP 5276)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 21 (Thread 0x7fd3703f9700 (LWP 5277)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 20 (Thread 0x7fd36f9f8700 (LWP 5278)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 19 (Thread 0x7fd36eff7700 (LWP 5279)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 18 (Thread 0x7fd36e5f6700 (LWP 5280)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 17 (Thread 0x7fd36dbf5700 (LWP 5281)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 16 (Thread 0x7fd36d1f4700 (LWP 5282)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 15 (Thread 0x7fd36c7f3700 (LWP 5283)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 14 (Thread 0x7fd36bdf2700 (LWP 5284)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 13 (Thread 0x7fd36b3f1700 (LWP 5285)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 12 (Thread 0x7fd36a9f0700 (LWP 5286)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 11 (Thread 0x7fd369fef700 (LWP 5287)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 10 (Thread 0x7fd3695ee700 (LWP 5288)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 9 (Thread 0x7fd368bed700 (LWP 5289)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 8 (Thread 0x7fd3681ec700 (LWP 5290)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 7 (Thread 0x7fd3677eb700 (LWP 5291)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 6 (Thread 0x7fd366dea700 (LWP 5292)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 5 (Thread 0x7fd3663e9700 (LWP 5293)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 4 (Thread 0x7fd3659e8700 (LWP 5294)):
> #0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
> #2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
> #3 0x0000000000413316 in ?? ()
> #4 0x0000000000413dae in ?? ()
> #5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 3 (Thread 0x7fd364fe7700 (LWP 5295)):
> #0 0x00007fd39a6ff4f3 in select () from /lib64/libc.so.6
> #1 0x00007fd39cc05679 in DS_Sleep () from /usr/lib64/dirsrv/libslapd.so.0
> #2 0x0000000000416b05 in ?? ()
> #3 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #4 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #5 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 2 (Thread 0x7fd357fff700 (LWP 5296)):
> #0 0x00007fd39a9bc43c in pthread_cond_wait@@GLIBC_2.3.2 () from
> /lib64/libpthread.so.0
> #1 0x00007fd39b00fe7e in PR_WaitCondVar () from /lib64/libnspr4.so
> #2 0x0000000000421cb5 in ?? ()
> #3 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
> #4 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
> #5 0x00007fd39a70690d in clone () from /lib64/libc.so.6
> Thread 1 (Thread 0x7fd39d05d7c0 (LWP 5252)):
> #0 0x00007fd39a6fd253 in poll () from /lib64/libc.so.6
> #1 0x00007fd39b01189f in ?? () from /lib64/libnspr4.so
> #2 0x0000000000417ea7 in ?? ()
> #3 0x000000000041f16f in ?? ()
> #4 0x00007fd39a63ccdd in __libc_start_main () from /lib64/libc.so.6
> #5 0x000000000040d159 in ?? ()
> #6 0x00007fff63e04c98 in ?? ()
> #7 0x000000000000001c in ?? ()
> #8 0x0000000000000007 in ?? ()
> #9 0x00007fff63e06629 in ?? ()
> #10 0x00007fff63e0663c in ?? ()
> #11 0x00007fff63e0663f in ?? ()
> #12 0x00007fff63e06661 in ?? ()
> #13 0x00007fff63e06664 in ?? ()
> #14 0x00007fff63e0668e in ?? ()
> #15 0x00007fff63e06691 in ?? ()
> #16 0x0000000000000000 in ?? ()
>
>
>
>
>
> Steve Dainard
> Infrastructure Manager
> Miovision Technologies Inc.
>
>
>
> On Tue, May 21, 2013 at 3:22 PM, Rich Megginson <rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>> wrote:
>
> On 05/21/2013 11:58 AM, Steve Dainard wrote:
>> So over the weekend, with some serious tinkering I managed to
>> brick that install beyond recovery.
>>
>> I've reinstalled, setup freeipa as a standalone CA with dns, and
>> did the initial winsync agreement.
>>
>> After the initial agreement was synced I modified the
>> nsds7WindowsReplicaSubtree entry
>
> How? ldapmodify?
>
>
> Yes, see above process for syntax used.
>
>
>
>> to reflect the AD group I want users sync'd from: CN=Shared
>> Login, CN=Users,DC=miovision,DC=corp.
>
> Why didn't you just specify "CN=Shared Login,
> CN=Users,DC=miovision,DC=corp" initially with ipa-replica-manage
> --win-subtree?
>
>
>> Note when attempting to do an initial ldapsearch I got a 'can't
>> connect to LDAP server' message,
>
> Can you provide the exact ldapsearch command line you tried?
>
>
>
> Yes, see above process for syntax used.
>
>
>
>
>> and had to manually start dirsrv... this is probably already a
>> bad sign.
>
> Was dirsrv running after you modified the
> nsds7WindowsReplicaSubtree entry?
> Did dirsrv crash? Do see any "Detected Disorderly Shutdown"
> messages in your errors logs?
>
>
>
> Dirsrv seems to have stopped right after winsync agreement was formed.
> In logs I don't see anything resembling a crash, but I do see shutdown
> notifications. Full log:
>
> [21/May/2013:12:19:12 -0400] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to
> access the database
> [21/May/2013:12:19:12 -0400] - check_and_set_import_cache: pagesize:
> 4096, pages: 255146, procpages: 51280
> [21/May/2013:12:19:12 -0400] - WARNING: After allocating import cache
> 408232KB, the available memory is 612352KB, which is less than the
> soft limit 1048576KB. You may want to decrease the import cache size
> and rerun import.
> [21/May/2013:12:19:12 -0400] - Import allocates 408232KB import cache.
> [21/May/2013:12:19:12 -0400] - import userRoot: Beginning import job...
> [21/May/2013:12:19:12 -0400] - import userRoot: Index buffering
> enabled with bucket size 100
> [21/May/2013:12:19:12 -0400] - import userRoot: Processing file
> "/var/lib/dirsrv/boot.ldif"
> [21/May/2013:12:19:12 -0400] - import userRoot: Finished scanning file
> "/var/lib/dirsrv/boot.ldif" (1 entries)
> [21/May/2013:12:19:13 -0400] - import userRoot: Workers finished;
> cleaning up...
> [21/May/2013:12:19:13 -0400] - import userRoot: Workers cleaned up.
> [21/May/2013:12:19:13 -0400] - import userRoot: Cleaning up producer
> thread...
> [21/May/2013:12:19:13 -0400] - import userRoot: Indexing complete.
> Post-processing...
> [21/May/2013:12:19:13 -0400] - import userRoot: Generating
> numSubordinates complete.
> [21/May/2013:12:19:13 -0400] - Nothing to do to build ancestorid index
> [21/May/2013:12:19:13 -0400] - import userRoot: Flushing caches...
> [21/May/2013:12:19:13 -0400] - import userRoot: Closing files...
> [21/May/2013:12:19:13 -0400] - All database threads now stopped
> [21/May/2013:12:19:13 -0400] - import userRoot: Import complete.
> Processed 1 entries in 1 seconds. (1.00 entries/sec)
> [21/May/2013:12:19:15 -0400] - 389-Directory/1.2.11.15
> <http://1.2.11.15> B2013.105.2259 starting up
> [21/May/2013:12:19:15 -0400] - Db home directory is not set. Possibly
> nsslapd-directory (optinally nsslapd-db-home-directory) is missing in
> the config file.
> [21/May/2013:12:19:15 -0400] - I'm resizing my cache now...cache was
> 418029568 and is now 8000000
> [21/May/2013:12:19:16 -0400] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [21/May/2013:12:19:16 -0400] - slapd shutting down - signaling
> operation threads
> [21/May/2013:12:19:16 -0400] - slapd shutting down - closing down
> internal subsystems and plugins
> [21/May/2013:12:19:16 -0400] - Waiting for 4 database threads to stop
> [21/May/2013:12:19:17 -0400] - All database threads now stopped
> [21/May/2013:12:19:17 -0400] - slapd stopped.
> [21/May/2013:12:19:19 -0400] - 389-Directory/1.2.11.15
> <http://1.2.11.15> B2013.105.2259 starting up
> [21/May/2013:12:19:19 -0400] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [21/May/2013:12:19:20 -0400] - The change of nsslapd-ldapilisten will
> not take effect until the server is restarted
> [21/May/2013:12:19:40 -0400] - Warning: Adding configuration attribute
> "nsslapd-security"
> [21/May/2013:12:19:40 -0400] - slapd shutting down - signaling
> operation threads
> [21/May/2013:12:19:40 -0400] - slapd shutting down - closing down
> internal subsystems and plugins
> [21/May/2013:12:19:40 -0400] - Waiting for 4 database threads to stop
> [21/May/2013:12:19:40 -0400] - All database threads now stopped
> [21/May/2013:12:19:40 -0400] - slapd stopped.
> [21/May/2013:12:19:41 -0400] - 389-Directory/1.2.11.15
> <http://1.2.11.15> B2013.105.2259 starting up
> [21/May/2013:12:19:41 -0400] attrcrypt - No symmetric key found for
> cipher AES in backend userRoot, attempting to create one...
> [21/May/2013:12:19:41 -0400] attrcrypt - Key for cipher AES
> successfully generated and stored
> [21/May/2013:12:19:41 -0400] attrcrypt - No symmetric key found for
> cipher 3DES in backend userRoot, attempting to create one...
> [21/May/2013:12:19:41 -0400] attrcrypt - Key for cipher 3DES
> successfully generated and stored
> [21/May/2013:12:19:41 -0400] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [21/May/2013:12:19:41 -0400] - Listening on All Interfaces port 636
> for LDAPS requests
> [21/May/2013:12:19:41 -0400] - Listening on
> /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
> [21/May/2013:12:19:42 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found,
> which should be added before the CoS Definition.
> [21/May/2013:12:19:51 -0400] - slapd shutting down - signaling
> operation threads
> [21/May/2013:12:19:51 -0400] - slapd shutting down - closing down
> internal subsystems and plugins
> [21/May/2013:12:19:51 -0400] - Waiting for 4 database threads to stop
> [21/May/2013:12:19:51 -0400] - All database threads now stopped
> [21/May/2013:12:19:51 -0400] - slapd stopped.
> [21/May/2013:12:19:53 -0400] - 389-Directory/1.2.11.15
> <http://1.2.11.15> B2013.105.2259 starting up
> [21/May/2013:12:19:53 -0400] schema-compat-plugin - warning: no
> entries set up under cn=computers, cn=compat,dc=miovision,dc=linux
> [21/May/2013:12:19:53 -0400] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=miovision,dc=linux
> [21/May/2013:12:19:53 -0400] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=miovision,dc=linux
> [21/May/2013:12:19:53 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found,
> which should be added before the CoS Definition.
> [21/May/2013:12:19:53 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found,
> which should be added before the CoS Definition.
> [21/May/2013:12:19:53 -0400] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [21/May/2013:12:19:53 -0400] - Listening on All Interfaces port 636
> for LDAPS requests
> [21/May/2013:12:19:53 -0400] - Listening on
> /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
> [21/May/2013:12:19:53 -0400] - The change of nsslapd-maxdescriptors
> will not take effect until the server is restarted
> [21/May/2013:12:23:37 -0400] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=miovision,dc=linux
> [21/May/2013:12:23:37 -0400] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=miovision,dc=linux
> [21/May/2013:12:23:43 -0400] - userRoot: Indexing attribute: memberuid
> [21/May/2013:12:23:43 -0400] - userRoot: Finished indexing.
> [21/May/2013:12:23:49 -0400] - userRoot: Indexing attribute:
> ntUserDomainId
> [21/May/2013:12:23:49 -0400] - userRoot: Finished indexing.
> [21/May/2013:12:23:55 -0400] - userRoot: Indexing attribute: ntUniqueId
> [21/May/2013:12:23:55 -0400] - userRoot: Finished indexing.
> [21/May/2013:12:23:57 -0400] - slapd shutting down - signaling
> operation threads
> [21/May/2013:12:23:57 -0400] - slapd shutting down - closing down
> internal subsystems and plugins
> [21/May/2013:12:23:57 -0400] - Waiting for 4 database threads to stop
> [21/May/2013:12:23:57 -0400] - All database threads now stopped
> [21/May/2013:12:23:57 -0400] - slapd stopped.
> [21/May/2013:12:24:01 -0400] - 389-Directory/1.2.11.15
> <http://1.2.11.15> B2013.105.2259 starting up
> [21/May/2013:12:24:01 -0400] schema-compat-plugin - warning: no
> entries set up under cn=computers, cn=compat,dc=miovision,dc=linux
> [21/May/2013:12:24:01 -0400] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=miovision,dc=linux
> [21/May/2013:12:24:01 -0400] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=miovision,dc=linux
> [21/May/2013:12:24:01 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found,
> which should be added before the CoS Definition.
> [21/May/2013:12:24:01 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found,
> which should be added before the CoS Definition.
> [21/May/2013:12:24:01 -0400] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [21/May/2013:12:24:01 -0400] - Listening on All Interfaces port 636
> for LDAPS requests
> [21/May/2013:12:24:01 -0400] - Listening on
> /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
> [21/May/2013:12:50:13 -0400] - slapd shutting down - signaling
> operation threads
> [21/May/2013:12:50:13 -0400] - slapd shutting down - closing down
> internal subsystems and plugins
> [21/May/2013:12:50:13 -0400] - Waiting for 4 database threads to stop
> [21/May/2013:12:50:13 -0400] - All database threads now stopped
> [21/May/2013:12:50:13 -0400] - slapd stopped.
> [21/May/2013:12:50:16 -0400] - 389-Directory/1.2.11.15
> <http://1.2.11.15> B2013.105.2259 starting up
> [21/May/2013:12:50:16 -0400] schema-compat-plugin - warning: no
> entries set up under cn=computers, cn=compat,dc=miovision,dc=linux
> [21/May/2013:12:50:16 -0400] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=miovision,dc=linux
> [21/May/2013:12:50:16 -0400] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=miovision,dc=linux
> [21/May/2013:12:50:16 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found,
> which should be added before the CoS Definition.
> [21/May/2013:12:50:16 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found,
> which should be added before the CoS Definition.
> [21/May/2013:12:50:16 -0400] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [21/May/2013:12:50:16 -0400] - Listening on All Interfaces port 636
> for LDAPS requests
> [21/May/2013:12:50:16 -0400] - Listening on
> /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
> [21/May/2013:12:50:18 -0400] - Entry
> "cn=meTodc1.miovision.corp,cn=replica,cn=dc\3Dmiovision\2Cdc\3Dlinux,cn=mapping
> tree,cn=config" -- attribute "nsDS5ReplicatedAttributeListTotal" not
> allowed
> [21/May/2013:12:50:18 -0400] NSMMReplicationPlugin -
> agmt="cn=meTodc1.miovision.corp" (dc1:389): Replica has no update
> vector. It has never been initialized.
> [21/May/2013:12:50:18 -0400] NSMMReplicationPlugin -
> agmt="cn=meTodc1.miovision.corp" (dc1:389): Replica has no update
> vector. It has never been initialized.
> [21/May/2013:12:50:18 -0400] NSMMReplicationPlugin -
> agmt="cn=meTodc1.miovision.corp" (dc1:389): Replica has no update
> vector. It has never been initialized.
> [21/May/2013:12:50:20 -0400] NSMMReplicationPlugin - Beginning total
> update of replica "agmt="cn=meTodc1.miovision.corp" (dc1:389)".
> [21/May/2013:12:50:21 -0400] - Entry
> "uid=krbtgt,cn=users,cn=accounts,dc=miovision,dc=linux" missing
> attribute "sn" required by object class "person"
> [21/May/2013:12:50:21 -0400] - Entry
> "uid=krbtgt_18424,cn=users,cn=accounts,dc=miovision,dc=linux" missing
> attribute "sn" required by object class "person"
> [21/May/2013:12:50:21 -0400] - Entry
> "uid=IUSR_MIOFILES,cn=users,cn=accounts,dc=miovision,dc=linux" missing
> attribute "sn" required by object class "person"
> [21/May/2013:12:50:21 -0400] - Entry
> "uid=IWAM_MIOFILES,cn=users,cn=accounts,dc=miovision,dc=linux" missing
> attribute "sn" required by object class "person"
> [21/May/2013:12:50:21 -0400] - Entry
> "uid=backup,cn=users,cn=accounts,dc=miovision,dc=linux" missing
> attribute "sn" required by object class "person"
> [21/May/2013:12:50:21 -0400] - Entry
> "uid=Guest,cn=users,cn=accounts,dc=miovision,dc=linux" missing
> attribute "sn" required by object class "person"
> [21/May/2013:12:50:22 -0400] - Entry
> "uid=ldap-auth,cn=users,cn=accounts,dc=miovision,dc=linux" missing
> attribute "sn" required by object class "person"
> [21/May/2013:12:50:22 -0400] - Entry
> "uid=Administrator,cn=users,cn=accounts,dc=miovision,dc=linux" missing
> attribute "sn" required by object class "person"
> [21/May/2013:12:50:22 -0400] NSMMReplicationPlugin - Finished total
> update of replica "agmt="cn=meTodc1.miovision.corp" (dc1:389)". Sent 2
> entries.
> [21/May/2013:12:50:23 -0400] - slapd shutting down - signaling
> operation threads
> [21/May/2013:12:50:23 -0400] - slapd shutting down - closing down
> internal subsystems and plugins
> [21/May/2013:12:50:23 -0400] - Waiting for 4 database threads to stop
> [21/May/2013:12:50:23 -0400] - All database threads now stopped
> [21/May/2013:12:50:23 -0400] - slapd stopped.
> [21/May/2013:12:54:14 -0400] - 389-Directory/1.2.11.15
> <http://1.2.11.15> B2013.105.2259 starting up
> [21/May/2013:12:54:14 -0400] schema-compat-plugin - warning: no
> entries set up under cn=computers, cn=compat,dc=miovision,dc=linux
> [21/May/2013:12:54:14 -0400] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=miovision,dc=linux
> [21/May/2013:12:54:14 -0400] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=miovision,dc=linux
> [21/May/2013:12:54:14 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found,
> which should be added before the CoS Definition.
> [21/May/2013:12:54:14 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found,
> which should be added before the CoS Definition.
> [21/May/2013:12:54:14 -0400] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [21/May/2013:12:54:14 -0400] - Listening on All Interfaces port 636
> for LDAPS requests
> [21/May/2013:12:54:14 -0400] - Listening on
> /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
> [21/May/2013:12:58:56 -0400] NSMMReplicationPlugin - Beginning total
> update of replica "agmt="cn=meTodc1.miovision.corp" (dc1:389)".
> [21/May/2013:13:54:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:13:59:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:14:04:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:14:06:21 -0400] - _csngen_adjust_local_time: gen state
> before 519bae7c0001:1369157244:0:0
> [21/May/2013:14:06:21 -0400] - _csngen_adjust_local_time: gen state
> after 519bb79d0000:1369159581:0:0
> [21/May/2013:14:06:21 -0400] NSMMReplicationPlugin -
> ruv_add_csn_inprogress: successfully inserted csn 519bb79d000000030000
> into pending list
> [21/May/2013:14:06:21 -0400] NSMMReplicationPlugin - Purged state
> information from entry
> fqdn=ipa1.miovision.linux,cn=computers,cn=accounts,dc=miovision,dc=linux
> up to CSN 519273fc000000030000
> [21/May/2013:14:06:21 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFileByReplicaName: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:14:06:21 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFileByReplicaName: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:14:06:21 -0400] NSMMReplicationPlugin - ruv_update_ruv:
> successfully committed csn 519bb79d000000030000
> [21/May/2013:14:06:46 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFile: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:14:06:46 -0400] NSMMReplicationPlugin - changelog program
> - cl5GetOperationCount: found DB object 26158b0
> [21/May/2013:14:09:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:14:14:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:14:19:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:14:24:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:14:29:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:14:31:18 -0400] - _csngen_adjust_local_time: gen state
> before 519bb79d0001:1369159581:0:0
> [21/May/2013:14:31:18 -0400] - _csngen_adjust_local_time: gen state
> after 519bbd760000:1369161078:0:0
> [21/May/2013:14:31:18 -0400] NSMMReplicationPlugin -
> ruv_add_csn_inprogress: successfully inserted csn 519bbd76000000030000
> into pending list
> [21/May/2013:14:31:18 -0400] NSMMReplicationPlugin - Purged state
> information from entry
> uid=admin,cn=users,cn=accounts,dc=miovision,dc=linux up to CSN
> 51927d1d000000030000
> [21/May/2013:14:31:18 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFileByReplicaName: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:14:31:18 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFileByReplicaName: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:14:31:18 -0400] NSMMReplicationPlugin - ruv_update_ruv:
> successfully committed csn 519bbd76000000030000
> [21/May/2013:14:31:26 -0400] - _csngen_adjust_local_time: gen state
> before 519bbd760001:1369161078:0:0
> [21/May/2013:14:31:26 -0400] - _csngen_adjust_local_time: gen state
> after 519bbd7e0000:1369161086:0:0
> [21/May/2013:14:31:26 -0400] NSMMReplicationPlugin -
> ruv_add_csn_inprogress: successfully inserted csn 519bbd7e000000030000
> into pending list
> [21/May/2013:14:31:26 -0400] NSMMReplicationPlugin - Purged state
> information from entry
> uid=admin,cn=users,cn=accounts,dc=miovision,dc=linux up to CSN
> 519282f6000000030000
> [21/May/2013:14:31:26 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFileByReplicaName: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:14:31:26 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFileByReplicaName: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:14:31:26 -0400] NSMMReplicationPlugin - ruv_update_ruv:
> successfully committed csn 519bbd7e000000030000
> [21/May/2013:14:31:46 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFile: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:14:31:46 -0400] NSMMReplicationPlugin - changelog program
> - cl5GetOperationCount: found DB object 26158b0
> [21/May/2013:14:34:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:14:39:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:14:44:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:14:49:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:14:54:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:14:59:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:15:04:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:15:09:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:15:14:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:15:19:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:15:24:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:15:29:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:15:34:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:15:39:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:15:44:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:15:46:24 -0400] - _csngen_adjust_local_time: gen state
> before 519bbd7e0001:1369161086:0:0
> [21/May/2013:15:46:24 -0400] - _csngen_adjust_local_time: gen state
> after 519bcf100000:1369165584:0:0
> [21/May/2013:15:46:24 -0400] NSMMReplicationPlugin -
> ruv_add_csn_inprogress: successfully inserted csn 519bcf10000000030000
> into pending list
> [21/May/2013:15:46:24 -0400] NSMMReplicationPlugin - Purged state
> information from entry
> fqdn=ipa1.miovision.linux,cn=computers,cn=accounts,dc=miovision,dc=linux
> up to CSN 519282fe000000030000
> [21/May/2013:15:46:24 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFileByReplicaName: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:15:46:24 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFileByReplicaName: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:15:46:24 -0400] NSMMReplicationPlugin - ruv_update_ruv:
> successfully committed csn 519bcf10000000030000
> [21/May/2013:15:46:46 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFile: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:15:46:46 -0400] NSMMReplicationPlugin - changelog program
> - cl5GetOperationCount: found DB object 26158b0
> [21/May/2013:15:49:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:15:54:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:15:59:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:16:04:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:16:09:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:16:14:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:16:19:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:16:24:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:16:29:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:16:34:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:16:39:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:16:44:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:16:49:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:16:54:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:16:59:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:17:04:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:17:09:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:17:14:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:17:19:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:17:24:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:17:26:31 -0400] - _csngen_adjust_local_time: gen state
> before 519bcf100001:1369165584:0:0
> [21/May/2013:17:26:31 -0400] - _csngen_adjust_local_time: gen state
> after 519be6870000:1369171591:0:0
> [21/May/2013:17:26:31 -0400] NSMMReplicationPlugin -
> ruv_add_csn_inprogress: successfully inserted csn 519be687000000030000
> into pending list
> [21/May/2013:17:26:31 -0400] NSMMReplicationPlugin - Purged state
> information from entry
> fqdn=ipa1.miovision.linux,cn=computers,cn=accounts,dc=miovision,dc=linux
> up to CSN 51929490000000030000
> [21/May/2013:17:26:31 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFileByReplicaName: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:17:26:31 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFileByReplicaName: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:17:26:31 -0400] NSMMReplicationPlugin - ruv_update_ruv:
> successfully committed csn 519be687000000030000
> [21/May/2013:17:26:46 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFile: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:17:26:46 -0400] NSMMReplicationPlugin - changelog program
> - cl5GetOperationCount: found DB object 26158b0
> [21/May/2013:17:29:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:17:34:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:17:39:14 -0400] NSMMReplicationPlugin - Running Dirsync
> [21/May/2013:17:41:32 -0400] - _csngen_adjust_local_time: gen state
> before 519be6870001:1369171591:0:0
> [21/May/2013:17:41:32 -0400] - _csngen_adjust_local_time: gen state
> after 519bea0c0000:1369172492:0:0
> [21/May/2013:17:41:32 -0400] NSMMReplicationPlugin -
> ruv_add_csn_inprogress: successfully inserted csn 519bea0c000000030000
> into pending list
> [21/May/2013:17:41:32 -0400] NSMMReplicationPlugin - Purged state
> information from entry
> fqdn=ipa1.miovision.linux,cn=computers,cn=accounts,dc=miovision,dc=linux
> up to CSN 5192ac07000000030000
> [21/May/2013:17:41:32 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFileByReplicaName: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:17:41:32 -0400] NSMMReplicationPlugin - changelog program
> - _cl5GetDBFileByReplicaName: found DB object 26158b0 for database
> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
> [21/May/2013:17:41:32 -0400] NSMMReplicationPlugin - ruv_update_ruv:
> successfully committed csn 519bea0c000000030000
>
>
>>
>> Although the documentation mentions changes will be applied on
>> next sync when 'nsds7WindowsReplicaSubtree' is changed, they do not.
>
> Did you use ldapmodify to change it?
>
>
>
> Yes, see above process for syntax used.
>
>> Also if I try to include the --win-subtree=CN=Shared
>> Login,CN=Users,DC=miovision,DC=corp argument I get an invalid
>> password message this might be because I didn't quote the DN though.
>
> Yes, that's likely.
>
>
>> So I then ran ipa-replica-manage re-initialize --from
>> dc1.miovision.corp.
>>
>> I now have a screen session with an incredible amount of "Update
>> in progress" lines which has been running for about 30 minutes
>> now (triggered at 12:58:56). I tried this on the weekend as well,
>> and the process ran overnight so I killed it and had to start
>> from scratch again.
>>
>> The dirsrv error log is:
>> [21/May/2013:12:24:01 -0400] - slapd started. Listening on All
>> Interfaces port 389 for LDAP requests
>> [21/May/2013:12:24:01 -0400] - Listening on All Interfaces port
>> 636 for LDAPS requests
>> [21/May/2013:12:24:01 -0400] - Listening on
>> /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
>> [21/May/2013:12:50:13 -0400] - slapd shutting down - signaling
>> operation threads
>> [21/May/2013:12:50:13 -0400] - slapd shutting down - closing down
>> internal subsystems and plugins
>> [21/May/2013:12:50:13 -0400] - Waiting for 4 database threads to stop
>> [21/May/2013:12:50:13 -0400] - All database threads now stopped
>> [21/May/2013:12:50:13 -0400] - slapd stopped.
>> [21/May/2013:12:50:16 -0400] - 389-Directory/1.2.11.15
>> <http://1.2.11.15> B2013.105.2259 starting up
>> [21/May/2013:12:50:16 -0400] schema-compat-plugin - warning: no
>> entries set up under cn=computers, cn=compat,dc=miovision,dc=linux
>> [21/May/2013:12:50:16 -0400] schema-compat-plugin - warning: no
>> entries set up under cn=ng, cn=compat,dc=miovision,dc=linux
>> [21/May/2013:12:50:16 -0400] schema-compat-plugin - warning: no
>> entries set up under ou=sudoers,dc=miovision,dc=linux
>> [21/May/2013:12:50:16 -0400] - Skipping CoS Definition
>> cn=Password Policy,cn=accounts,dc=miovision,dc=linux--no CoS
>> Templates found, which should be added before the CoS Definition.
>> [21/May/2013:12:50:16 -0400] - Skipping CoS Definition
>> cn=Password Policy,cn=accounts,dc=miovision,dc=linux--no CoS
>> Templates found, which should be added before the CoS Definition.
>> [21/May/2013:12:50:16 -0400] - slapd started. Listening on All
>> Interfaces port 389 for LDAP requests
>> [21/May/2013:12:50:16 -0400] - Listening on All Interfaces port
>> 636 for LDAPS requests
>> [21/May/2013:12:50:16 -0400] - Listening on
>> /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
>> [21/May/2013:12:50:18 -0400] - Entry
>> "cn=meTodc1.miovision.corp,cn=replica,cn=dc\3Dmiovision\2Cdc\3Dlinux,cn=mapping
>> tree,cn=config" -- attribute "nsDS5ReplicatedAttributeListTotal"
>> not allowed
>> [21/May/2013:12:50:18 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): Replica has no update
>> vector. It has never been initialized.
>> [21/May/2013:12:50:18 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): Replica has no update
>> vector. It has never been initialized.
>> [21/May/2013:12:50:18 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): Replica has no update
>> vector. It has never been initialized.
>> [21/May/2013:12:50:20 -0400] NSMMReplicationPlugin - Beginning
>> total update of replica "agmt="cn=meTodc1.miovision.corp" (dc1:389)".
>> [21/May/2013:12:50:21 -0400] - Entry
>> "uid=krbtgt,cn=users,cn=accounts,dc=miovision,dc=linux" missing
>> attribute "sn" required by object class "person"
>> [21/May/2013:12:50:21 -0400] - Entry
>> "uid=krbtgt_18424,cn=users,cn=accounts,dc=miovision,dc=linux"
>> missing attribute "sn" required by object class "person"
>> [21/May/2013:12:50:21 -0400] - Entry
>> "uid=IUSR_MIOFILES,cn=users,cn=accounts,dc=miovision,dc=linux"
>> missing attribute "sn" required by object class "person"
>> [21/May/2013:12:50:21 -0400] - Entry
>> "uid=IWAM_MIOFILES,cn=users,cn=accounts,dc=miovision,dc=linux"
>> missing attribute "sn" required by object class "person"
>> [21/May/2013:12:50:21 -0400] - Entry
>> "uid=backup,cn=users,cn=accounts,dc=miovision,dc=linux" missing
>> attribute "sn" required by object class "person"
>> [21/May/2013:12:50:21 -0400] - Entry
>> "uid=Guest,cn=users,cn=accounts,dc=miovision,dc=linux" missing
>> attribute "sn" required by object class "person"
>> [21/May/2013:12:50:22 -0400] - Entry
>> "uid=ldap-auth,cn=users,cn=accounts,dc=miovision,dc=linux"
>> missing attribute "sn" required by object class "person"
>> [21/May/2013:12:50:22 -0400] - Entry
>> "uid=Administrator,cn=users,cn=accounts,dc=miovision,dc=linux"
>> missing attribute "sn" required by object class "person"
>> [21/May/2013:12:50:22 -0400] NSMMReplicationPlugin - Finished
>> total update of replica "agmt="cn=meTodc1.miovision.corp"
>> (dc1:389)". Sent 2 entries.
>> [21/May/2013:12:50:23 -0400] - slapd shutting down - signaling
>> operation threads
>> [21/May/2013:12:50:23 -0400] - slapd shutting down - closing down
>> internal subsystems and plugins
>> [21/May/2013:12:50:23 -0400] - Waiting for 4 database threads to stop
>> [21/May/2013:12:50:23 -0400] - All database threads now stopped
>> [21/May/2013:12:50:23 -0400] - slapd stopped.
>> [21/May/2013:12:54:14 -0400] - 389-Directory/1.2.11.15
>> <http://1.2.11.15> B2013.105.2259 starting up
>> [21/May/2013:12:54:14 -0400] schema-compat-plugin - warning: no
>> entries set up under cn=computers, cn=compat,dc=miovision,dc=linux
>> [21/May/2013:12:54:14 -0400] schema-compat-plugin - warning: no
>> entries set up under cn=ng, cn=compat,dc=miovision,dc=linux
>> [21/May/2013:12:54:14 -0400] schema-compat-plugin - warning: no
>> entries set up under ou=sudoers,dc=miovision,dc=linux
>> [21/May/2013:12:54:14 -0400] - Skipping CoS Definition
>> cn=Password Policy,cn=accounts,dc=miovision,dc=linux--no CoS
>> Templates found, which should be added before the CoS Definition.
>> [21/May/2013:12:54:14 -0400] - Skipping CoS Definition
>> cn=Password Policy,cn=accounts,dc=miovision,dc=linux--no CoS
>> Templates found, which should be added before the CoS Definition.
>> [21/May/2013:12:54:14 -0400] - slapd started. Listening on All
>> Interfaces port 389 for LDAP requests
>> [21/May/2013:12:54:14 -0400] - Listening on All Interfaces port
>> 636 for LDAPS requests
>> [21/May/2013:12:54:14 -0400] - Listening on
>> /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
>> [21/May/2013:12:58:56 -0400] NSMMReplicationPlugin - Beginning
>> total update of replica "agmt="cn=meTodc1.miovision.corp" (dc1:389)".
>>
>> Am I encountering this issue because of the win-subtree setting?
>
> What issue?
>
>
>
> Re-initialize process continues indefinitely displaying new lines
> "Update in progress", only users who are in
> CN=users,DC=miovision,DC=corp are shown in IPA web admin (from initial
> winsync agreement before re-initialize)
>
>> Is it considered bad practice to set a group like this?
>
> It should be fine.
>
>
>> I'm not sure what else I would do, as this is the only group
>> which contains all of my users, and they reside in their
>> respective OU's instead of Users CN.
>
> It should be fine.
>
>
>>
>> I've since enabled replication logging, but addtional information
>> is minimal:
>> [21/May/2013:12:58:56 -0400] NSMMReplicationPlugin - Beginning
>> total update of replica "agmt="cn=meTodc1.miovision.corp" (dc1:389)".
>> [21/May/2013:13:54:14 -0400] NSMMReplicationPlugin - Running Dirsync
>
> So it's hung here?
>
>
>
>
> Correct, see logs above
>
>
>>
>> #top shows ns-slapd maxing out the CPU.
>> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
>> 5252 dirsrv 20 0 1177m 33m 8464 S 99.8 3.3 57:17.08
>> ns-slapd
>
> Can you do a pstack of the process?
>
> pstack 5252
>>
>
> Yes, see output above.
>
>>
>>
>>
>> Steve Dainard
>> Infrastructure Manager
>> Miovision Technologies Inc.
>>
>>
>>
>> On Fri, May 17, 2013 at 2:09 PM, Rich Megginson
>> <rmeggins at redhat.com <mailto:rmeggins at redhat.com>> wrote:
>>
>> On 05/17/2013 12:03 PM, Steve Dainard wrote:
>>> Thanks for getting me on the right track.
>>>
>>> Yes to the Windows sync agreement.
>>>
>>> I'm not sure if this is related to password sync'ing, but it
>>> looks like a sync operation is triggering (and failing)
>>> every 4 seconds on one of my users:
>>>
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389): State:
>>> start_backoff -> backoff
>>> [17/May/2013:13:28:42 -0400] - acquire_replica, supplier RUV:
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> supplier: {replicageneration} 50802036000000030000
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> supplier: {replica 3 ldap://ipa1.miovision.linux:389}
>>> 50802036000100030000 51966776000100030000 51966776
>>> [17/May/2013:13:28:42 -0400] - acquire_replica, consumer RUV:
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> consumer: {replicageneration} 50802036000000030000
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> consumer: {replica 3 ldap://ipa1.miovision.linux:389}
>>> 50802036000100030000 515ad91f000000030000 00000000
>>> [17/May/2013:13:28:42 -0400] - acquire_replica, supplier RUV
>>> is newer
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389): Cancelling
>>> linger on the connection
>>> [17/May/2013:13:28:42 -0400] - _csngen_adjust_local_time:
>>> gen state before 519668c60001:1368811718:0:0
>>> [17/May/2013:13:28:42 -0400] - _csngen_adjust_local_time:
>>> gen state after 519668ca0000:1368811722:0:0
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389): State: backoff
>>> -> sending_updates
>>> [17/May/2013:13:28:42 -0400] - csngen_adjust_time: gen state
>>> before 519668ca0001:1368811722:0:0
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> changelog program - _cl5GetDBFile: found DB object f6d910
>>> for database
>>> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/854fd282-193811e2-9177aa0d-17c9983f_50802036000000030000.db4
>>> [17/May/2013:13:28:42 -0400] - _cl5PositionCursorForReplay
>>> (agmt="cn=meTodc1.miovision.corp" (dc1:389)): Consumer RUV:
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389):
>>> {replicageneration} 50802036000000030000
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389): {replica 3
>>> ldap://ipa1.miovision.linux:389} 50802036000100030000
>>> 515ad91f000000030000 00000000
>>> [17/May/2013:13:28:42 -0400] - _cl5PositionCursorForReplay
>>> (agmt="cn=meTodc1.miovision.corp" (dc1:389)): Supplier RUV:
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389):
>>> {replicageneration} 50802036000000030000
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389): {replica 3
>>> ldap://ipa1.miovision.linux:389} 50802036000100030000
>>> 51966776000100030000 51966776
>>> [17/May/2013:13:28:42 -0400]
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389) -
>>> clcache_get_buffer: found thread private buffer cache
>>> 7f30bc061d00
>>> [17/May/2013:13:28:42 -0400]
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389) -
>>> clcache_get_buffer: _pool is 2e7cc10 _pool->pl_busy_lists is
>>> 7f30bc050790 _pool->pl_busy_lists->bl_buffers is 7f30bc061d00
>>> [17/May/2013:13:28:42 -0400]
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389) - session start:
>>> anchorcsn=515ad91f000000030000
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> changelog program - agmt="cn=meTodc1.miovision.corp"
>>> (dc1:389): CSN 515ad91f000000030000 found, position set for
>>> replay
>>> [17/May/2013:13:28:42 -0400]
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389) - load=1 rec=1
>>> csn=515ae3f4000000030000
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389):
>>> windows_replay_update: Looking at modify operation local
>>> dn="uid=jkeller,cn=users,cn=accounts,dc=miovision,dc=linux"
>>> (ours,user,not group)
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389):
>>> map_entry_dn_outbound: looking for AD entry for DS
>>> dn="uid=jkeller,cn=users,cn=accounts,dc=miovision,dc=linux"
>>> guid="ba17f9770e0c814cb9eea9df2d4df61a"
>>> [17/May/2013:13:28:42 -0400] - Calling windows entry search
>>> request plugin
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin - Could
>>> not retrieve entry from Windows using search base
>>> [<GUID=ba17f9770e0c814cb9eea9df2d4df61a>] scope [0] filter
>>> [(objectclass=*)]: error 1:Operations error
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389):
>>> map_entry_dn_outbound: return code -1 from search for AD
>>> entry dn="<GUID=ba17f9770e0c814cb9eea9df2d4df61a>" or
>>> dn="(null)"
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389):
>>> map_entry_dn_outbound: entry not found - rc -1
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389):
>>> windows_replay_update: Processing modify operation local
>>> dn="uid=jkeller,cn=users,cn=accounts,dc=miovision,dc=linux"
>>> remote dn="<GUID=ba17f9770e0c814cb9eea9df2d4df61a>"
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389):
>>> map_entry_dn_outbound: looking for AD entry for DS
>>> dn="uid=jkeller,cn=users,cn=accounts,dc=miovision,dc=linux"
>>> guid="ba17f9770e0c814cb9eea9df2d4df61a"
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389):
>>> map_entry_dn_outbound: looking for AD entry for DS
>>> dn="uid=jkeller,cn=users,cn=accounts,dc=miovision,dc=linux"
>>> username="jkeller"
>>> [17/May/2013:13:28:42 -0400] - Calling windows entry search
>>> request plugin
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin - Could
>>> not retrieve entry from Windows using search base
>>> [dc=miovision,dc=corp] scope [2] filter
>>> [(samAccountName=jkeller)]: error 1:Operations error
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389):
>>> map_entry_dn_outbound: entry not found - rc -1
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389):
>>> map_entry_dn_outbound: failed to fetch entry from AD:
>>> dn="uid=jkeller,cn=users,cn=accounts,dc=miovision,dc=linux",
>>> err=-1
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389):
>>> windows_replay_update: update password returned 1
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389): Consumer failed
>>> to replay change (uniqueid
>>> cd3be819-21c711e2-96aaaa0d-17c9983f, CSN
>>> 515ae3f4000000030000): Operations error. Will retry later.
>>> [17/May/2013:13:28:42 -0400]
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389) - session end:
>>> state=0 load=1 sent=1 skipped=0
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389): Beginning linger
>>> on the connection
>>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389): State:
>>> sending_updates -> start_backoff
>>>
>>>
>>>
>>> Here's the output of an ldapsearch for the user jkeller:
>>>
>>> #/usr/bin/ldapsearch -h dc1.miovision.corp -D
>>> "ldap-auth at miovision.corp" <mailto:ldap-auth at miovision.corp>
>>> -W -b "dc=miovision,dc=corp" '(samAccountName=jkeller)' cn
>>> samAccountName
>>>
>>> # Joel Keller, 01Engineering, miovision.corp
>>> dn: CN=Joel Keller,OU=01Engineering,DC=miovision,DC=corp
>>> cn: Joel Keller
>>> sAMAccountName: jkeller
>>>
>>>
>>>
>>> When I change my password on the IPA server, it looks like
>>> the change is queued:
>>>
>>> [17/May/2013:13:53:48 -0400] - _csngen_adjust_local_time:
>>> gen state before 51966eab0001:1368813227:0:0
>>> [17/May/2013:13:53:48 -0400] - _csngen_adjust_local_time:
>>> gen state after 51966eac0000:1368813228:0:0
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>>> ruv_add_csn_inprogress: successfully inserted csn
>>> 51966eac000000030000 into pending list
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - Purged
>>> state information from entry
>>> uid=sdainard,cn=users,cn=accounts,dc=miovision,dc=linux up
>>> to CSN 518d33f90007000300
>>> 00
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>>> changelog program - _cl5GetDBFileByReplicaName: found DB
>>> object f6d910 for database /var/lib/dirsrv/slapd-MIOVISION-LINU
>>> X/cldb/854fd282-193811e2-9177aa0d-17c9983f_50802036000000030000.db4
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>>> changelog program - _cl5GetDBFileByReplicaName: found DB
>>> object f6d910 for database /var/lib/dirsrv/slapd-MIOVISION-LINU
>>> X/cldb/854fd282-193811e2-9177aa0d-17c9983f_50802036000000030000.db4
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>>> ruv_update_ruv: successfully committed csn 51966eac000000030000
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>>> ruv_add_csn_inprogress: successfully inserted csn
>>> 51966eac000100030000 into pending list
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - Purged
>>> state information from entry
>>> uid=sdainard,cn=users,cn=accounts,dc=miovision,dc=linux up
>>> to CSN 518d342c0000000300
>>> 00
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>>> changelog program - _cl5GetDBFileByReplicaName: found DB
>>> object f6d910 for database
>>> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/854fd282-193811e2-9177aa0d-17c9983f_50802036000000030000.db4
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>>> changelog program - _cl5GetDBFileByReplicaName: found DB
>>> object f6d910 for database
>>> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/854fd282-193811e2-9177aa0d-17c9983f_50802036000000030000.db4
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>>> ruv_update_ruv: successfully committed csn 51966eac000100030000
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389): State:
>>> start_backoff -> backoff
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>>> ruv_add_csn_inprogress: successfully inserted csn
>>> 51966eac000200030000 into pending list
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - Purged
>>> state information from entry
>>> uid=sdainard,cn=users,cn=accounts,dc=miovision,dc=linux up
>>> to CSN 518d342c000100030000
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>>> changelog program - _cl5GetDBFileByReplicaName: found DB
>>> object f6d910 for database
>>> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/854fd282-193811e2-9177aa0d-17c9983f_50802036000000030000.db4
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>>> changelog program - _cl5GetDBFileByReplicaName: found DB
>>> object f6d910 for database
>>> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/854fd282-193811e2-9177aa0d-17c9983f_50802036000000030000.db4
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>>> ruv_update_ruv: successfully committed csn 51966eac000200030000
>>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>>> agmt="cn=meTodc1.miovision.corp" (dc1:389): State: backoff
>>> -> backoff
>>>
>>>
>>>
>>> Perhaps whatever is causing the sync error with user jkeller
>>> is holding up the queued transactions?
>>
>> Yes. It is attempting to replay the password change
>> operation. It first tries to find the entry in AD, but that
>> is failing with operations error.
>>
>> Try doing the ldapsearch with the same bind DN and password
>> you specified when you set up the winsync agreement. Or did
>> you use "ldap-auth at miovision.corp"
>> <mailto:ldap-auth at miovision.corp>?
>>
>> Another difference is that winsync uses LDAPS - so try this:
>>
>> LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-YOUR-DOMAIN ldapsearch -H
>> ldaps://dc1.miovision.corp -D "ldap-auth at miovision.corp"
>> <mailto:ldap-auth at miovision.corp> -W -b
>> "dc=miovision,dc=corp" '(samAccountName=jkeller)' cn
>> samAccountName
>>
>>
>>>
>>>
>>>
>>>
>>> Steve Dainard
>>> Infrastructure Manager
>>> Miovision Technologies Inc.
>>>
>>>
>>> On Fri, May 17, 2013 at 11:39 AM, Rich Megginson
>>> <rmeggins at redhat.com <mailto:rmeggins at redhat.com>> wrote:
>>>
>>> On 05/17/2013 09:26 AM, Steve Dainard wrote:
>>>> Hello,
>>>>
>>>> We're running a single IPA server (CentOS 6) on our
>>>> network as a side project for some testing before we
>>>> implement.
>>>>
>>>> It had been a significant period of time since I had
>>>> last logged into the web interface, so I had to kinit
>>>> from a client machine (of which I had logged into
>>>> successfully with my domain password), at which point I
>>>> was requested to change my password. After the password
>>>> change I RDP'd into a Windows machine on our domain and
>>>> realized the password had not been updated on the
>>>> domain controller.
>>>>
>>>> Is the password sync feature with an external source
>>>> such as Active Directory supposed to be two-way? If so
>>>> where can I start troubleshooting this issue?
>>>
>>> Are you talking about a windows sync agreement you set
>>> up with ipa-replica-manage?
>>> If so, yes, the password sync is supposed to be two-way.
>>> Try this:
>>> turn on the replication log level
>>> http://port389.org/wiki/FAQ#Troubleshooting
>>> change your IPA password
>>> turn off the replication log level
>>> http://port389.org/wiki/FAQ#Troubleshooting
>>> see if you can use your new password in AD
>>>
>>> The 389 errors log in
>>> /var/log/dirsrv/slapd-YOUR-DOMAIN/errors may contain a clue.
>>>
>>>>
>>>> Thanks,
>>>>
>>>>
>>>>
>>>> Steve Dainard
>>>> Infrastructure Manager
>>>> Miovision Technologies Inc.
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130521/43fa7962/attachment.htm>
More information about the Freeipa-users
mailing list