[Freeipa-users] Replica Problem (Errors)

Ludwig Krispenz lkrispen at redhat.com
Mon Oct 24 12:16:23 UTC 2016


On 10/24/2016 01:21 PM, Günther J. Niederwimmer wrote:
> Hello Ludwig,
>
> thanks for the answer,
>
>
> On Monday, 24 October 2016, 09:53:21, Ludwig Krispenz wrote:
>> On 10/23/2016 03:01 PM, Günther J. Niederwimmer wrote:
>>> I have added on my IPA (master) server this user and ACI with an LDIF file
>>>
>>> ldapmodify -x -D 'cn=Directory Manager' -W
>>> dn: uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com
>>> changetype: add
>>> objectclass: account
>>> objectclass: simplesecurityobject
>>> uid: system
>>> userPassword: secret123
>>> passwordExpirationTime: 20380119031407Z
>>> nsIdleTimeout: 0
>>> <blank line>
>>> ^D
>>>
>>> dn: cn=users,cn=accounts,dc=example,dc=com
>>> changetype: modify
>>> add: aci
>>> aci: (targetattr="mailAlternateAddress")
>>>  (targetfilter="(objectClass=mailrecipient)")
>>>  (version 3.0; acl "Allow system account to read mail address";
>>>  allow(read, search, compare) userdn =
>>>  "ldap:///uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com";)
>>>
>>> This Ends with a
>>> modifying entry "cn=users,cn=accounts,dc=example,dc=com"
>> these changes are not related to the errors you report below (I would be
>> really surprised) and you only need to apply them on one server, that's
>> what replication is good for.
>>
>> There are a couple of different types of messages:
>> - failed to delete changelog record: this is from retro changelog
>> trimming, when miscalculation of the starting point for trimming starts
>> with changenumber lower than what's in the retro changelog.
>> In my experience this can happen after a crash/kill/reboot and should
>> stop after some time
> OK, nothing to do ;-).
>   
>> - attrlist_replace errors: looks like you have recreated a replica on a
>> machine and not cleaned the RUV, please see:
>> http://www.freeipa.org/page/Troubleshooting#Obsolete_RUV_records
> I didn't add or remove a replica? These two servers have been running now,
> I mean, for over three months?
that is strange, could you perform step 1] and 2] of this recipe: 
https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html
but add the option "-o ldif-wrap=no" to the ldapsearch to get the full ruv
>
> The last thing I remember is that I added a 3rd-party certificate?
>
> but I didn't find so many errors before :-(.
>
> Is there a possible way to check a FreeIPA installation, so that a
> "normal" user can find out whether the system is consistent?
>
>> - keep-alive already exists: this is also an indication of a new
>> replica, the keep alive entry was in the database, but the supplier
>> tries to send it again, this should also disappear once some real
>> changes from replica 4 are replicated
>>
>>> but now I have on the changed master this 100... Errors
>>>
>>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: could not delete change record 396504 (rc: 32)
>>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: could not delete change record 396505 (rc: 32)
>>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: could not delete change record 396506 (rc: 32)
>>> [23/Oct/2016:13:37:08 +0200] NSMMReplicationPlugin - replication keep alive entry <cn=repl keep alive 4,dc=example,dc=com> already exists
>>>
>>> and on the replica (Master) this  1000....Errors
>>>
>>> [23/Oct/2016:13:42:50 +0200] DSRetroclPlugin - delete_changerecord: could not delete change record 240846 (rc: 32)
>>> What is wrong with my changes, or have I to add my changes also on the
>>> Replicas ?
>>>
>>> Thanks for an answer,

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander
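
As an added illustration that is not part of this thread or of FreeIPA's own tooling: a small Python triage script that sorts 389-ds error log records into the three message types described in the reply above, rejoining records that were broken across lines first. The category names, hints and sample lines are constructed here; the attrlist_replace record is a placeholder because the thread does not quote one.

```python
import re

# Patterns follow the log lines quoted in this thread; hints paraphrase the reply.
CATEGORIES = [  # (hypothetical category name, regex, hint)
    ("retrocl_trim", r"delete_changerecord: could not delete change record (\d+) \(rc: \d+\)",
     "retro changelog trimming started below the oldest stored changenumber"),
    ("keep_alive", r"keep alive entry <cn=repl keep alive (\d+),[^>]*> already exists",
     "supplier re-sent a keep-alive entry that is already in the database"),
    ("attrlist_replace", r"attrlist_replace", "check for obsolete RUV records"),
]
TIMESTAMP = re.compile(r"^\[\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}\] ")

def unwrap(lines):
    """Rejoin records broken across lines: only a timestamp starts a new record."""
    records = []
    for line in (raw.strip() for raw in lines):
        if line and (TIMESTAMP.match(line) or not records):
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def classify(record):
    for name, pattern, hint in CATEGORIES:
        m = re.search(pattern, record)
        if m:
            return name, hint, [int(g) for g in m.groups()]
    return "unclassified", None, []

def triage(lines):
    """Return {category: {"count", "ids", "hint"}}; ids are changenumbers or replica ids."""
    out = {}
    for record in unwrap(lines):
        name, hint, ids = classify(record)
        entry = out.setdefault(name, {"count": 0, "ids": [], "hint": hint})
        entry["count"] += 1
        entry["ids"] += ids
    return out

# Constructed sample, including records broken across lines as pasted logs often are.
SAMPLE = """\
[23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: could
not delete change record 396504 (rc: 32)
[23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord: could
not delete change record 396505 (rc: 32)
[23/Oct/2016:13:37:08 +0200] NSMMReplicationPlugin - replication keep alive
entry <cn=repl keep alive 4,dc=example,dc=com> already exists
[23/Oct/2016:13:40:00 +0200] attrlist_replace - (placeholder, text not in thread)
""".splitlines()
```

`triage()` accepts any iterable of lines, so an open error log file can be passed directly; a steadily growing `retrocl_trim` count long after a restart, or any `attrlist_replace` hit, is the cue to compare the full RUV on both servers.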



