[Freeipa-users] Replica Problem (Errors)

Günther J. Niederwimmer gjn at gjn.priv.at
Tue Oct 25 14:41:36 UTC 2016 

Hello Ludwig,

Thanks for the answer and help,

Am Montag, 24. Oktober 2016, 14:16:23 schrieb Ludwig Krispenz:
> On 10/24/2016 01:21 PM, Günther J. Niederwimmer wrote:
> > Am Montag, 24. Oktober 2016, 09:53:21 schrieb Ludwig Krispenz:
> >> On 10/23/2016 03:01 PM, Günther J. Niederwimmer wrote:
> >>> I have added on my ipa (Master) Server this user and ACI with a ldif
> >>> file
> >>> 
> >>> This Ends with a
> >>> modifying entry "cn=users,cn=accounts,dc=example,dc=com"
> >> 
> >> these changes are not related to the errors you report below (I would be
> >> really surprised) and you only need to apply them on one server, that's
> >> what replication is good for.
> >> 
> >> There are a couple of different types of messages:
> >> - failed to delete changelog record: this is from retro changelog
> >> trimming, when miscalculation of the starting point for trimming starts
> >> with changenumber lower than what's in the retro changelog.
> >> In my experience this can happen after a crash/kill/reboot and should
> >> stop after som time
> > 
> > OK, nothing to do ;-).
> > 
> >> - attrlist_replace errors: looks like you have recreated a replica on a
> >> machine and not cleaned the RUV, please see:
> >> http://www.freeipa.org/page/Troubleshooting#Obsolete_RUV_records
> > 
> > I don't have add or remove a replica ? this two servers running now I mean
> > over three month ?
> 
> that is strange, could you perform step 1] and 2] of this recipe:
> https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html
> but add the option "-o ldif-wrap=no" to the ldapsearch to get the full ruv

OK.
The first is

ipa-csreplica-manage list
Directory Manager password: 

ipa.example.com: master
ipa1.example.com: master

The second is:
nsDS5ReplicaId: 96
nsds50ruv: {replicageneration} 5706b1a3000000600000
nsds50ruv: {replica 96 ldap://ipa.example.com:389} 5706b1ab000000600000 
580f6a5f000000600000
nsds50ruv: {replica 91 ldap://ipa1.example.com:389} 5714ad010000005b0000 
575c65140005005b0000
nsds50ruv: {replica 97 ldap://ipa1.example.com:389} 5706b1bd000000610000 
570803a9000000610000

The domain is changed !!
 
> > The last I remember I add a 3rd Party Certificate ?
> > 
> > but I don't found before so much Errors :-(.
> > 
> > Is there a possible way to check a freeIPA Installation, to find out for a
> > "normal" user to have a consistent System ?
> > 
> >> - keep-alive already exists: this is also an indication of a new
> >> replica, the keep alive entry was in the database, but the supplier
> >> tries to send it again, this should also disappear once some real
> >> changes from replica 4 are replicated
> >> 
> >>> but now I have on the changed master this 100... Errors
> >>> 
> >>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord:
> >>> could
> >>> not delete change record 396504 (rc: 32)
> >>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord:
> >>> could
> >>> not delete change record 396505 (rc: 32)
> >>> [23/Oct/2016:13:27:58 +0200] DSRetroclPlugin - delete_changerecord:
> >>> could
> >>> not delete change record 396506 (rc: 32)
> >>> [23/Oct/2016:13:37:08 +0200] NSMMReplicationPlugin - replication keep
> >>> alive
> >>> entry <cn=repl keep alive 4,dc=example,dc=com> already exists
> >>> 
> >>> and on the replica (Master) this  1000....Errors
> >>> 
> >>> [23/Oct/2016:13:42:50 +0200] DSRetroclPlugin - delete_changerecord:
> >>> could
> >>> not delete change record 240846 (rc: 32)
> >>> What is wrong with my changes, or have I to add my changes also on the
> >>> Replicas ?
> >>> 
> >>> Thanks for a answer,

-- 
mit freundlichen Grüßen / best regards,

  Günther J. Niederwimmer

More information about the Freeipa-users mailing list