<html>
  <head>
    <meta content="text/html; charset=ISO-8859-2"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 03/24/2015 09:49 AM, Łukasz Jaworski
      wrote:<br>
    </div>
    <blockquote
      cite="mid:430C6CA9-9B64-42E5-82DE-3166EC5B443B@kofeina.net"
      type="cite">
      <pre wrap="">Wiadomość napisana przez Martin Kosek <a class="moz-txt-link-rfc2396E" href="mailto:mkosek@redhat.com"><mkosek@redhat.com></a> w dniu 23 mar 2015, o godz. 12:04:
</pre>
      <blockquote type="cite">
        <pre wrap="">On 03/23/2015 04:07 AM, Janelle wrote:
</pre>
        <blockquote type="cite">
          <pre wrap="">attrlist_replace - attr_replace (nsslapd-referral,
<a class="moz-txt-link-freetext" href="ldap://ipa1.example.com:389/o%3Dipaca">ldap://ipa1.example.com:389/o%3Dipaca</a>) failed.
</pre>
        </blockquote>
        <pre wrap="">
Hm, I do not met this error yet. This looks like error from 389-ds-base, it has
functions like attrlist_replace.

If this is the case, can you please share a bigger section of the errors log,
ideally for the whole day (if not too big)? There might be some other related
error messages. CCing Ludwig and Thierry for reference.

Also, what environment are we talking about, is this still
FreeIPA 4.1.3@CentOS-7? Maybe the server also has a replication agreement also
with CentOS-6? We need to know this also.
</pre>
      </blockquote>
      <pre wrap="">
We have the same problem (yesterday we've migrated users to IPA4, 8 server wit --setup-ca), on every server we have many:

[24/Mar/2015:09:40:04 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx28.xxxxx:389/o%3Dipaca">ldap://xxxxx28.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx26.xxxxx:389/o%3Dipaca">ldap://xxxxx26.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx26.xxxxx:389/o%3Dipaca">ldap://xxxxx26.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx26.xxxxx:389/o%3Dipaca">ldap://xxxxx26.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx51.xxxxx:389/o%3Dipaca">ldap://xxxxx51.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx51.xxxxx:389/o%3Dipaca">ldap://xxxxx51.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx51.xxxxx:389/o%3Dipaca">ldap://xxxxx51.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx26.xxxxx:389/o%3Dipaca">ldap://xxxxx26.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx26.xxxxx:389/o%3Dipaca">ldap://xxxxx26.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx26.xxxxx:389/o%3Dipaca">ldap://xxxxx26.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx51.xxxxx:389/o%3Dipaca">ldap://xxxxx51.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx51.xxxxx:389/o%3Dipaca">ldap://xxxxx51.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx51.xxxxx:389/o%3Dipaca">ldap://xxxxx51.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:16 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx26.xxxxx:389/o%3Dipaca">ldap://xxxxx26.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:16 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx26.xxxxx:389/o%3Dipaca">ldap://xxxxx26.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:16 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx26.xxxxx:389/o%3Dipaca">ldap://xxxxx26.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:17 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx28.xxxxx:389/o%3Dipaca">ldap://xxxxx28.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:17 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx28.xxxxx:389/o%3Dipaca">ldap://xxxxx28.xxxxx:389/o%3Dipaca</a>) failed.
[24/Mar/2015:09:40:17 +0100] attrlist_replace - attr_replace (nsslapd-referral, <a class="moz-txt-link-freetext" href="ldap://xxxxx28.xxxxx:389/o%3Dipaca">ldap://xxxxx28.xxxxx:389/o%3Dipaca</a>) failed.

Distributor ID: Fedora
Description:    Fedora release 21 (Twenty One)

389-ds and freeipa:
389-ds-base-1.3.3.8-1.fc21.x86_64
389-ds-base-libs-1.3.3.8-1.fc21.x86_64
freeipa-server-4.1.3-2.fc21.x86_64


Best regards,
Ender


</pre>
    </blockquote>
    <font face="Times New Roman, Times, serif">Hello,<br>
      <br>
    </font>
    <blockquote><font face="Times New Roman, Times, serif">It seems that
        this error is logged each time a replication session is started.
        At the beginning of the session, the replica that receive the
        replication request, tries to update the referral list of the
        replicated suffix (replica) according to the metadata sent by
        the master.<br>
        At this step, it fails with these logs.<br>
        I would like to check the validity (duplicate ?) of if the
        referrals contained in the master metadata. Would it be possible
        you do the following command on all your instances:<br>
      </font><big><font size="-1"><big>
            <pre><font size="-1"><big>ldapsearch -h <font size="-1">.. -p<font size="-1">xxx -D "cn<font size="-1">=directory manager" -w xxx -b "o=ipaca" </font></font></font>"(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi</big></font><font size="-1"><big><big><font size="-1"><big>
</big></font></big>
</big></font></pre>
          </big></font></big><font face="Times New Roman, Times, serif">thanks<br>
        thierry</font><br>
    </blockquote>
  </body>
</html>