[Freeipa-users] Replica Problem (Errors)

Günther J. Niederwimmer gjn at gjn.priv.at
Mon Oct 24 11:21:10 UTC 2016 

Hello Ludwig,

thanks for the answer,


Am Montag, 24. Oktober 2016, 09:53:21 schrieb Ludwig Krispenz:
> On 10/23/2016 03:01 PM, Günther J. Niederwimmer wrote:
> > I have added on my ipa (Master) Server this user and ACI with a ldif file
> > 
> > ldapmodify -x -D 'cn=Directory Manager' -W
> > dn: uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com
> > changetype: add
> > objectclass: account
> > objectclass: simplesecurityobject
> > uid: system
> > userPassword: secret123
> > passwordExpirationTime: 20380119031407Z
> > nsIdleTimeout: 0
> > <blank line>
> > ^D
> > 
> > dn: cn=users,cn=accounts,dc=example,dc=com
> > changetype: modify
> > add: aci
> > aci: (targetattr="mailAlternateAddress")
> > (targetfilter="(objectClass=mailrecipient)")
> > 
> >    (version
> >    3.0; acl "Allow system account to read mail address"; allow(read,
> >    search, compare) userdn =
> >    "ldap:///uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com";)
> > 
> > This Ends with a
> > modifying entry "cn=users,cn=accounts,dc=example,dc=com"
> 
> these changes are not related to the errors you report below (I would be
> really surprised) and you only need to apply them on one server, that's
> what replication is good for.
> 
> There are a couple of different types of messages:
> - failed to delete changelog record: this is from retro changelog
> trimming, when miscalculation of the starting point for trimming starts
> with changenumber lower than what's in the retro changelog.
> In my experience this can happen after a crash/kill/reboot and should
> stop after som time

OK, nothing to do ;-).
 
> - attrlist_replace errors: looks like you have recreated a replica on a
> machine and not cleaned the RUV, please see:
> http://www.freeipa.org/page/Troubleshooting#Obsolete_RUV_records

I don't have add or remove a replica ? this two servers running now I mean 
over three month ?

The last I remember I add a 3rd Party Certificate ?

but I don't found before so much Errors :-(.

Is there a possible way to check a freeIPA Installation, to find out for a 
"normal" user to have a consistent System ?

> - keep-alive already exists: this is also an indication of a new
> replica, the keep alive entry was in the database, but the supplier
> tries to send it again, this should also disappear once some real
> changes from replica 4 are replicated
> 
> > but now I have on the changed master this 100... Errors
> > 
> > [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: could
> > not delete change record 396504 (rc: 32)
> > [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: could
> > not delete change record 396505 (rc: 32)
> > [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: could
> > not delete change record 396506 (rc: 32)
> > [23/Oct/2016:13:37:08 +0200] NSMMReplicationPlugin - replication keep
> > alive
> > entry <cn=repl keep alive 4,dc=example,dc=com> already exists
> > 
> > and on the replica (Master) this  1000....Errors
> > 
> > [23/Oct/2016:13:42:50 +0200] DSRetroclPlugin - delete_changerecord: could
> > not delete change record 240846 (rc: 32)
> > What is wrong with my changes, or have I to add my changes also on the
> > Replicas ?
> > 
> > Thanks for a answer,

-- 
mit freundlichen Grüßen / best regards,

  Günther J. Niederwimmer

More information about the Freeipa-users mailing list