[Freeipa-users] Replica Problem (Errors)

Günther J. Niederwimmer gjn at gjn.priv.at
Sun Oct 23 13:01:31 UTC 2016 

Hello,

I have added on my ipa (Master) Server this user and ACI with a ldif file

ldapmodify -x -D 'cn=Directory Manager' -W
dn: uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com
changetype: add
objectclass: account
objectclass: simplesecurityobject
uid: system
userPassword: secret123
passwordExpirationTime: 20380119031407Z
nsIdleTimeout: 0
<blank line>
^D

dn: cn=users,cn=accounts,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="mailAlternateAddress")  
(targetfilter="(objectClass=mailrecipient)")
  (version
  3.0; acl "Allow system account to read mail address"; allow(read,
  search, compare) userdn =
  "ldap:///uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com";)

This Ends with a 
modifying entry "cn=users,cn=accounts,dc=example,dc=com"

but now I have on the changed master this 100... Errors

[23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: could not 
delete change record 396504 (rc: 32)
[23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: could not 
delete change record 396505 (rc: 32)
[23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: could not 
delete change record 396506 (rc: 32)
[23/Oct/2016:13:37:08 +0200] NSMMReplicationPlugin - replication keep alive 
entry <cn=repl keep alive 4,dc=example,dc=com> already exists
[23/Oct/2016:13:38:57 +0200] attrlist_replace - attr_replace (nsslapd-
referral, ldap://ipa1.example.com:389/o%3Dipaca) failed.
[23/Oct/2016:13:38:57 +0200] attrlist_replace - attr_replace (nsslapd-
referral, ldap://ipa1.example.com:389/o%3Dipaca) failed.
[23/Oct/2016:13:38:57 +0200] attrlist_replace - attr_replace (nsslapd-
referral, ldap://ipa1.example.com:389/o%3Dipaca) failed.
[23/Oct/2016:13:39:20 +0200] NSMMReplicationPlugin - 
agmt="cn=meToipa1.example.com" (ipa1:389): Warning: Attempting to release 
replica, but unable to receive endReplication extended operation response from 
the replica. Error -1 (Can't contact LDAP server)
[23/Oct/2016:13:39:23 +0200] NSMMReplicationPlugin - 
agmt="cn=meToipa1.example.com" (ipa1:389): Replication bind with GSSAPI auth 
resumed
[23/Oct/2016:13:53:57 +0200] attrlist_replace - attr_replace (nsslapd-
referral, ldap://ipa1.example.com:389/o%3Dipaca) failed.
[23/Oct/2016:13:53:57 +0200] attrlist_replace - attr_replace (nsslapd-
referral, ldap://ipa1.example.com:389/o%3Dipaca) failed.
[23/Oct/2016:13:53:57 +0200] attrlist_replace - attr_replace (nsslapd-
referral, ldap://ipa1.example.com:389/o%3Dipaca) failed.
[23/Oct/2016:14:04:24 +0200] NSMMReplicationPlugin - replication keep alive 
entry <cn=repl keep alive 4,dc=example,dc=com> already exists
[23/Oct/2016:14:08:57 +0200] attrlist_replace - attr_replace (nsslapd-
referral, ldap://ipa1.example.com:389/o%3Dipaca) failed.
[23/Oct/2016:14:08:57 +0200] attrlist_replace - attr_replace (nsslapd-
referral, ldap://ipa1.example.com:389/o%3Dipaca) failed.
[23/Oct/2016:14:08:57 +0200] attrlist_replace - attr_replace (nsslapd-
referral, ldap://ipa1.example.com:389/o%3Dipaca) failed.
[23/Oct/2016:14:23:57 +0200] attrlist_replace - attr_replace (nsslapd-
referral, ldap://ipa1.example.com:389/o%3Dipaca) failed.
[23/Oct/2016:14:23:57 +0200] attrlist_replace - attr_replace (nsslapd-
referral, ldap://ipa1.example.com:389/o%3Dipaca) failed.
[23/Oct/2016:14:23:57 +0200] attrlist_replace - attr_replace (nsslapd-
referral, ldap://ipa1.example.com:389/o%3Dipaca) failed.
[23/Oct/2016:14:30:23 +0200] NSMMReplicationPlugin - replication keep alive 
entry <cn=repl keep alive 4,dc=example,dc=com> already exists


and on the replica (Master) this  1000....Errors

[23/Oct/2016:13:42:50 +0200] DSRetroclPlugin - delete_changerecord: could not 
delete change record 240846 (rc: 32)
[23/Oct/2016:13:42:50 +0200] DSRetroclPlugin - delete_changerecord: could not 
delete change record 240847 (rc: 32)
[23/Oct/2016:13:42:51 +0200] DSRetroclPlugin - delete_changerecord: could not 
delete change record 240848 (rc: 32)
[23/Oct/2016:13:42:51 +0200] DSRetroclPlugin - delete_changerecord: could not 
delete change record 240849 (rc: 32)
[23/Oct/2016:13:42:51 +0200] DSRetroclPlugin - delete_changerecord: could not 
delete change record 240850 (rc: 32)
[23/Oct/2016:13:42:51 +0200] DSRetroclPlugin - delete_changerecord: could not 
delete change record 240851 (rc: 32)
[23/Oct/2016:13:42:51 +0200] DSRetroclPlugin - delete_changerecord: could not 
delete change record 240852 (rc: 32)
[23/Oct/2016:13:42:51 +0200] DSRetroclPlugin - delete_changerecord: could not 
delete change record 240853 (rc: 32)

What is wrong with my changes, or have I to add my changes also on the 
Replicas ?

Thanks for a answer,

-- 
mit freundlichen Grüßen / best regards,

  Günther J. Niederwimmer

More information about the Freeipa-users mailing list