[Freeipa-users] FreeIPA web UI Freezing up
Rich Megginson
rmeggins at redhat.com
Mon Jun 8 16:35:37 UTC 2015
On 06/08/2015 10:18 AM, nathan at nathanpeters.com wrote:
>>>> Is it possible this is an old winsync agreement that is no longer
>>>> valid?
>>> I have only ever made a single winsync agreement on this server that I
>>> know of. How would I tell if an agreement is no longer valid?
>>>
>>>
>> ldapsearch -xLLL -D "cn=directory manager" -W -b cn=config
>> objectclass=nsDSWindowsReplicationAgreement
>>
>>
> The output of that command seems to indicate that the replication
> agreement is valid and active?
>
> [root at dc1 sbin]# ldapsearch -xLLL -D "cn=directory manager" -W -b
> cn=config objectclass=nsDSWindowsReplicationAgreement
> Enter LDAP Password:
> dn: cn=meToofficedc2.office.addomain.net,cn=replica,cn=dc\3Dipadomain
> \2Cdc\3Dnet,cn=mapping tree,cn=config
> nsds7WindowsReplicaSubtree: OU=Staff,DC=office,DC=addomain,DC=net
> nsds7DirectoryReplicaSubtree: cn=users,cn=accounts,dc=ipadomain,dc=net
> cn: meToofficedc2.office.addomain.net
> nsds7NewWinGroupSyncEnabled: false
> objectClass: nsDSWindowsReplicationAgreement
> objectClass: top
> nsDS5ReplicaTransportInfo: TLS
> description: me to officedc2.office.addomain.net
> nsDS5ReplicaRoot: dc=ipadomain,dc=net
> nsDS5ReplicaHost: officedc2.office.addomain.net
> nsds5replicaTimeout: 120
> nsDS5ReplicaBindDN: cn=freeipa syncuser,ou=Service
> Account,dc=office,dc=addomain,dc=net
> nsds7NewWinUserSyncEnabled: true
> nsDS5ReplicaPort: 389
> nsds7WindowsDomain: ipadomain.net
> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof
> idnssoaserial
> entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
> nsDS5ReplicaBindMethod: simple
> nsDS5ReplicaCredentials:
> {AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRVVHQ1NxR1NJYjNEUUVG
> RERBNEJDUmtOelUzTTJJNVlpMDBaV1EyTTJRMQ0KWXkwNU0yTm1aV05sTVMxbU5qRXpaak5oTlFBQ
> 0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQlo1VnlCSTY1Yzl5cl
> Z0cWlCc0hDdQ==}ReODwX5Q7vLGjmdGX57pmrLWKFF61dPc5SzPhk3RnIM=
> nsds7DirsyncCookie::
> TVNEUwMAAACTPfpcG5fQAQAAAAAAAAAAYAEAAKU8nAAAAAAAAAAAAAAAA
> AClPJwAAAAAAMUjuImqVZhBkOkdt24C0IsBAAAAAAAAAA4AAAAAAAAAY4GwFkVcvEmMMExrVon4d6
> 13PwAAAAAADGzFNzznrESIxHzA74fbs0lWIQAAAAAAOnFoO5OE2E27lR/g4EcjQTLbIwAAAAAAuEm
> PWjYok0qGS0HM/+TDmK7FgAMAAAAA6PTFXvAdnkaJSIkZT1lS+4cAIQAAAAAA4qTQaC46/Ua4KXgP
> /ixNcerDRgAAAAAAWowbgYD1akibZ+sCul5C4dgsKwAAAAAAxSO4iapVmEGQ6R23bgLQi6U8nAAAA
> AAAogC6jFcyFUmhBp4B7FkaBWPPjAEAAAAAyhKMxsP0uUKGEnG2lsyA8eTUwgYAAAAA4n8Xx1bAlU
> mBUl3zhlZ9WBngDAAAAAAA71vM2ebFEkCJkBaLjB4CGU+4CQMAAAAAGfO+4ndZCkaVKnwZNlNsf90
> NDAAAAAAAgD6n+M2bcUGkOwo5gPLx7IOjAwAAAAAA
> oneWaySync: fromWindows
> nsds5replicareapactive: 0
> nsds5replicaLastUpdateStart: 20150608161149Z
> nsds5replicaLastUpdateEnd: 20150608161149Z
> nsds5replicaChangesSentSinceStartup:
> nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental
> upd
> ate started
This looks like incremental update is successful . . .
> nsds5replicaUpdateInProgress: FALSE
> nsds5replicaLastInitStart: 0
> nsds5replicaLastInitEnd: 0
. . . but this indicates that the sync agreement has never been
initialized, which would also correspond to the errors below. I'm
really puzzled as to how sync could possibly work if it has never been
initialized. And I'm also not sure how you could have created the sync
agreement using the IPA command line tools without initializing the
agreement. AFAIK, the only way to get rid of the errors is to
reinitialize http://linux.die.net/man/1/ipa-replica-manage
>
> However, my logs are still full of the following entry:
>
> [08/Jun/2015:15:50:15 +0000] NSMMReplicationPlugin - windows sync -
> agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
> no update vector. It has never been initialized.
> [08/Jun/2015:15:50:18 +0000] NSMMReplicationPlugin - windows sync -
> agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
> no update vector. It has never been initialized.
> [08/Jun/2015:15:50:21 +0000] NSMMReplicationPlugin - windows sync -
> agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
> no update vector. It has never been initialized.
> [08/Jun/2015:15:50:24 +0000] NSMMReplicationPlugin - windows sync -
> agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
> no update vector. It has never been initialized.
> [08/Jun/2015:15:50:27 +0000] NSMMReplicationPlugin - windows sync -
> agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
> no update vector. It has never been initialized.
> [08/Jun/2015:15:50:30 +0000] NSMMReplicationPlugin - windows sync -
> agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
> no update vector. It has never been initialized.
> [08/Jun/2015:15:50:33 +0000] NSMMReplicationPlugin - windows sync -
> agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
> no update vector. It has never been initialized.
> [08/Jun/2015:15:50:37 +0000] NSMMReplicationPlugin - windows sync -
> agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
> no update vector. It has never been initialized.
> [08/Jun/2015:15:50:40 +0000] NSMMReplicationPlugin - windows sync -
> agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
> no update vector. It has never been initialized.
> [08/Jun/2015:15:50:43 +0000] NSMMReplicationPlugin - windows sync -
> agmt="cn=meToofficedc2.office.addomain.net" (officedc2:389): Replica has
> no update vector. It has never been initialized.
>
More information about the Freeipa-users
mailing list