<html>
<head>
<meta content="text/html; charset=KOI8-R" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<br>
you did send the data directly to me, maybe not wanting to share
them to everyone. I'll continue discussion here, trying to be
careful.<br>
<br>
The "good" entry was created in April on replica 12 "0x0c"<br>
<span style="color:#1F497D" lang="EN-US">createTimestamp;vucsn-5524d42b0067000c0000:
20150408070720Z<br>
<br>
the "nsuniqueid" entry was created today on replica 26 "0x1a"<br>
</span><span style="color:#1F497D" lang="EN-US">createTimestamp;vucsn-5580f3210000001a0000:
20150617040801Z</span><br>
<br>
if the original entry would have existed on replica26 the new add
should have been rejected, if it was not there the question is why.<br>
<br>
Do you have any additional info on replica 26, when was it created,
was it disconnected for some time ??<br>
<br>
Ludwig<br>
<br>
<div class="moz-cite-prefix">On 06/17/2015 08:13 AM, Alexander
Frolushkin wrote:<br>
</div>
<blockquote
cite="mid:5b0d853346b1478fa3d0aa34223944b7@sib-ums03.Megafon.ru"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=KOI8-R">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Arial Narrow";
panose-1:2 11 6 6 2 2 2 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US">Hello</span><span
style="color:windowtext">.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US">Another</span><span
style="color:windowtext" lang="EN-US">
</span><span style="color:windowtext" lang="EN-US">example</span><span
style="color:windowtext">.
</span><span style="color:windowtext" lang="EN-US">Today
appeared on servers of different site.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US">Original
LDIF:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
extended LDIF<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
LDAPv3<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
base <cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru>
with scope subtree<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
filter: (objectclass=*)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
requesting: ALL<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
System: Manage Host Keytab, permissions, pbac,
unix.megafon.ru<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">dn:
cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">=ru<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermTargetFilter:
(objectclass=ipahost)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermRight:
write<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermBindRuleType:
permission<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermissionType:
V2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermissionType:
MANAGED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermissionType:
SYSTEM<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">cn:
System: Manage Host Keytab<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">objectClass:
ipapermission<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">objectClass:
top<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">objectClass:
groupofnames<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">objectClass:
ipapermissionv2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">member:
cn=Host
Enrollment,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">member:
cn=Host
Administrators,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermDefaultAttr:
krbprincipalkey<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermDefaultAttr:
krblastpwdchange<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermLocation:
cn=computers,cn=accounts,dc=unix,dc=megafon,dc=ru<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
search result<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">search:
2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">result:
0 Success<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
numResponses: 2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
numEntries: 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US">Duplicate:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
extended LDIF<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
LDAPv3<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
base <cn=System: Manage Host
Keytab+nsuniqueid=708bba65-14a611e5-8a48fd19-df27ff01,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru>
with scope subtree<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
filter: (objectclass=*)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
requesting: ALL<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
System: Manage Host Keytab +
708bba65-14a611e5-8a48fd19-df27ff01, permissio<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ns,
pbac, unix.megafon.ru<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">dn:
cn=System: Manage Host
Keytab+nsuniqueid=708bba65-14a611e5-8a48fd19-df27ff<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">01,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermTargetFilter:
(objectclass=ipahost)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermRight:
write<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermBindRuleType:
permission<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermissionType:
V2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermissionType:
MANAGED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermissionType:
SYSTEM<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">cn:
System: Manage Host Keytab<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">objectClass:
ipapermission<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">objectClass:
top<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">objectClass:
groupofnames<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">objectClass:
ipapermissionv2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">member:
cn=Host
Enrollment,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">member:
cn=Host
Administrators,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermDefaultAttr:
krbprincipalkey<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermDefaultAttr:
krblastpwdchange<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">ipaPermLocation:
cn=computers,cn=accounts,dc=unix,dc=megafon,dc=ru<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
search result<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">search:
2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">result:
0 Success<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
numResponses: 2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
numEntries: 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">No
other servers in IPA domain have such duplicates.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Arial
Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU">WBR,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Arial
Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU">Alexander
Frolushkin<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Arial
Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU">Cell
+79232508764<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Arial
Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU">Work
+79232507764<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>
[<a class="moz-txt-link-freetext" href="mailto:freeipa-users-bounces@redhat.com">mailto:freeipa-users-bounces@redhat.com</a>] <b>On Behalf
Of </b>Ludwig Krispenz<br>
<b>Sent:</b> Tuesday, June 16, 2015 3:52 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] replication
conflicts<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 06/16/2015 11:42 AM, Alexander
Frolushkin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US">Hello.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Just to remind if
somebody still not familiar with our IPA installation
</span><span style="font-family:Wingdings" lang="EN-US">J</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">We currently have 18
IPA servers in domain, on 8 sites in different regions
across the Russia.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">And now, our new
problem.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Regularly we getting a
nsds5ReplConflict records on some of our servers, very
often on servers from specific site. Usually it is simply
a doubles and we can remove the renamed change to get
everything back. But why do we have them at all?</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">May be someone could
explain, how we can detect the cause of this replication
conflicts?</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU">if
you are talking about having two "duplicate" entries,
<br>
one: uid=xxxxx,<suffix><br>
one: nsuniqueid=nnnnnnnn+uid=xxxxx,<suffix><br>
<br>
these entries appear if the entry uid=xxxxx was added,
simultaneously, on two servers. I think this can happen if a
client tries to add an entry and if it doesn't get a
response in some time retries on another server.<br>
to find out which client this is you need to check on which
servers the entries were originally added and then see which
client was doing it<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Sometime it is
moderately harmful, because, for example HBAC stops working
on specific server while doubles still present.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Thanks in forward…</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">WBR,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Alexander
Frolushkin</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Cell
+79232508764</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Work
+79232507764</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU"><o:p> </o:p></span></p>
<div class="MsoNormal" style="text-align:center" align="center"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU">
<hr align="center" size="2" width="100%">
</span></div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:RU"><br>
Информация в этом сообщении предназначена исключительно для
конкретных лиц, которым она адресована. В сообщении может
содержаться конфиденциальная информация, которая не может
быть раскрыта или использована кем-либо, кроме адресатов.
Если вы не адресат этого сообщения, то использование,
переадресация, копирование или распространение содержания
сообщения или его части незаконно и запрещено. Если Вы
получили это сообщение ошибочно, пожалуйста, незамедлительно
сообщите отправителю об этом и удалите со всем содержимым
само сообщение и любые возможные его копии и приложения.<br>
<br>
The information contained in this communication is intended
solely for the use of the individual or entity to whom it is
addressed and others authorized to receive it. It may
contain confidential or legally privileged information. The
contents may not be disclosed or used by anyone other than
the addressee. If you are not the intended recipient(s), any
use, disclosure, copying, distribution or any action taken
or omitted to be taken in reliance on it is prohibited and
may be unlawful. If you have received this communication in
error please notify us immediately by responding to this
email and then delete the e-mail and all attachments and any
copies thereof.<br>
<br>
(c)20mf50<br>
</span><span style="font-size:12.0pt;font-family:"Times
New Roman","serif";mso-fareast-language:RU"><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU"><o:p> </o:p></span></p>
</div>
<br>
<hr>
<font color="Gray" face="Arial" size="1"><br>
Информация в этом сообщении предназначена исключительно для
конкретных лиц, которым она адресована. В сообщении может
содержаться конфиденциальная информация, которая не может быть
раскрыта или использована кем-либо, кроме адресатов. Если вы не
адресат этого сообщения, то использование, переадресация,
копирование или распространение содержания сообщения или его
части незаконно и запрещено. Если Вы получили это сообщение
ошибочно, пожалуйста, незамедлительно сообщите отправителю об
этом и удалите со всем содержимым само сообщение и любые
возможные его копии и приложения.<br>
<br>
The information contained in this communication is intended
solely for the use of the individual or entity to whom it is
addressed and others authorized to receive it. It may contain
confidential or legally privileged information. The contents may
not be disclosed or used by anyone other than the addressee. If
you are not the intended recipient(s), any use, disclosure,
copying, distribution or any action taken or omitted to be taken
in reliance on it is prohibited and may be unlawful. If you have
received this communication in error please notify us
immediately by responding to this email and then delete the
e-mail and all attachments and any copies thereof.<br>
<br>
(c)20mf50<br>
</font>
</blockquote>
<br>
</body>
</html>