[Freeipa-users] Replication broken

[Timothy Geier]

This issue started when trying to remove a user; ipa user-del showed “operation failed” and the user was not removed.  The same ipa user-del command was performed on a replica and completed successfully, but it was then immediately apparent that this change did not replicate anywhere else.  All of the replicas then were re-initalized using "ipa-replica-manage re-initialize” and now the LDAP trees/users are consistent though no further changes have been made.

The slapd error logs are showing repeated instances of

DSRetroclPlugin - replog: an error occured while adding change number 112697, dn = changenumber=112697,cn=changelog: Already exists.
retrocl-plugin - retrocl_postob: operation failure [68]

Package versions are
ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64
and 
389-ds-base-1.3.4.0-29.el7_2.x86_64

ipa-replica-manage list-ruv
ipa: WARNING: session memcached servers not running
unable to decode: {replica 11} 56044ef50000000b0000 56044ef50000000b0000
unable to decode: {replica 7} 561f17ba000800070000 561f17ba000800070000
unable to decode: {replica 5} 561f17bc000300050000 561f17bc000300050000
unable to decode: {replica 9} 561f17ba000a00090000 561f17ba000a00090000
unable to decode: {replica 4} 561f17ba000300040000 561f17ba000300040000 
(These are likely leftovers from the previous incarnation of these servers on a RHEL6-like setup)
ipa07:389: 16
ipa02:389: 13
ipa03:389: 14
ipa01:389: 12
ipa04:389: 15
ipa05:389: 17

Thanks much,


"This message and any attachments may contain confidential information. If you
have received this  message in error, any use or distribution is prohibited. 
Please notify us by reply e-mail if you have mistakenly received this message,
and immediately and permanently delete it and any attachments. Thank you."