<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 06/17/2015 11:52 AM, Ludwig Krispenz
wrote:<br>
</div>
<blockquote cite="mid:55814365.6060208@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<br>
<div class="moz-cite-prefix">On 06/17/2015 11:45 AM, thierry
bordaz wrote:<br>
</div>
<blockquote cite="mid:558141C1.4020003@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix"><span style="color:#1F497D"
lang="EN-US"></span><br>
On 06/17/2015 11:22 AM, Alexander Frolushkin wrote:<br>
</div>
<blockquote
cite="mid:7fef9252834a49f789de38761a50a714@sib-ums03.Megafon.ru"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Arial Narrow";
panose-1:2 11 6 6 2 2 2 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Текст выноски Знак";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:EN-US;}
span.a
{mso-style-name:"Текст выноски Знак";
mso-style-priority:99;
mso-style-link:"Текст выноски";
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:EN-US;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
p.1058, li.1058, div.1058
{mso-style-name:"&\#1058\,&\#1077\,&\#1082\,&\#1089\,&\#1090\,&\#1074\,&\#1099\,&\#1085\,&\#1086\,&\#1080";
mso-style-link:"&\#10581\,&\#10771\,&\#10821\,&\#10891\,&\#10901\,&\#10741\,&\#10991\,&\#10851\,&\#10861\,&\#10801\,&\#10471\,&\#10721";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
span.10581
{mso-style-name:"&\#10581\,&\#10771\,&\#10821\,&\#10891\,&\#10901\,&\#10741\,&\#10991\,&\#10851\,&\#10861\,&\#10801\,&\#10471\,&\#10721";
mso-style-priority:99;
mso-style-link:"&\#1058\,&\#1077\,&\#1082\,&\#1089\,&\#1090\,&\#1074\,&\#1099\,&\#1085\,&\#1086\,&\#1080";
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:EN-US;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">This was a usual “ipa-replica-install
--setup-ca --setup-dns” and after that
ipa-adtrust-install.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">No DEL found:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># grep "cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru"
./access<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">[17/Jun/2015:10:08:01 +0600] conn=2 op=89
SRCH base="cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru"
scope=0 filter="(objectClass=*)" attrs="ipaPermRight
ipaPermTargetFilter ipaPermBindRuleType
ipaPermissionType cn objectClass memberOf member
ipaPermTarget ipaPermDefaultAttr ipaPermLocation
ipaPermIncludedAttr ipaPermExcludedAttr"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">[17/Jun/2015:10:08:01 +0600] conn=2 op=91
ADD dn="cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru"</span></p>
</div>
</blockquote>
<br>
There is something I miss. <span style="color:#1F497D"
lang="EN-US">conn=2 op=91 was a direct update on replica26
(not replicated) because it received its own CSN=</span><span
style="color:#1F497D" lang="EN-US">5580f3210000001a0000. But
it created a conflict entry, so at that time it existed the
same entry (the one created </span><span
style="color:#1F497D" lang="EN-US"><span style="color:#1F497D"
lang="EN-US">20150408070720Z) </span>. So the direct update
should have been rejected.<br>
</span></blockquote>
I think the search in op=89 did not return an entry, so it was
added in op 91, that seems to be ok, but then 4 hrs later there is
conn=237 adding it again.<br>
<br>
Alexander,<br>
<br>
could you get the complete <span style="color:#1F497D"
lang="EN-US">'conn=237 op=93' and also the start of conn 293, to
show where teh connection comes from<br>
</span></blockquote>
of course conn=237<br>
<blockquote cite="mid:55814365.6060208@redhat.com" type="cite"><span
style="color:#1F497D" lang="EN-US"> </span>
<blockquote cite="mid:558141C1.4020003@redhat.com" type="cite"><span
style="color:#1F497D" lang="EN-US"> <br>
Would you check if the replicaID=26 is unique in the topology
(list-ruv for example) ?<br>
<br>
</span>
<blockquote
cite="mid:7fef9252834a49f789de38761a50a714@sib-ums03.Megafon.ru"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">[17/Jun/2015:14:39:46 +0600] conn=237 op=93
ADD dn="cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">It is also possible this entry on affected
servers was previously duplicated and not correctly
managed to delete (more recent dup was deleted). <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">Is there any natural way to fix such
issues? Maybe ipa-replica-manage force-sync, or
ipa-replica-manage re-initialize on affected site
servers from normal servers could help?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Arial
Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU"
lang="EN-US">WBR,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Arial
Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU"
lang="EN-US">Alexander Frolushkin<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Arial
Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU"
lang="EN-US">Cell +79232508764<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Arial
Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU"
lang="EN-US">Work +79232507764<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
thierry bordaz [<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="mailto:tbordaz@redhat.com">mailto:tbordaz@redhat.com</a>]
<br>
<b>Sent:</b> Wednesday, June 17, 2015 3:15 PM<br>
<b>To:</b> Alexander Frolushkin (SIB)<br>
<b>Cc:</b> 'Ludwig Krispenz'; <a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] replication
conflicts<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hello Alexander,<br>
<br>
How did you initialize that new replica 26.<br>
Either '<span style="color:#1F497D" lang="EN-US">cn=System:
Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru'</span>
was not part of the total init data, or a DEL of that
entry happened on replica 26 (before a new ADD) but the
DEL was not replicated to replica12.<br>
Would you check in replica26 access logs if that entry
was deleted ?<br>
<br>
thanks<br>
theirry<br>
<br>
On 06/17/2015 11:03 AM, Alexander Frolushkin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">This is correct, thank you for
understanding and for helping!</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">Replica with id 26 was created today,
this is our new server which was included in domain
just a few hours ago. Looks like this dup came right
after this new replica creation.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt">WBR,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Alexander
Frolushkin</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Cell
+79232508764</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Work
+79232507764</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
Ludwig Krispenz [<a moz-do-not-send="true"
href="mailto:lkrispen@redhat.com">mailto:lkrispen@redhat.com</a>]
<br>
<b>Sent:</b> Wednesday, June 17, 2015 2:58 PM<br>
<b>To:</b> Alexander Frolushkin (SIB)<br>
<b>Cc:</b> <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] replication
conflicts</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi,<br>
<br>
you did send the data directly to me, maybe not wanting
to share them to everyone. I'll continue discussion
here, trying to be careful.<br>
<br>
The "good" entry was created in April on replica 12
"0x0c"<br>
<span style="color:#1F497D" lang="EN-US">createTimestamp;vucsn-5524d42b0067000c0000:
20150408070720Z<br>
<br>
the "nsuniqueid" entry was created today on replica 26
"0x1a"<br>
createTimestamp;vucsn-5580f3210000001a0000:
20150617040801Z</span><br>
<br>
if the original entry would have existed on replica26
the new add should have been rejected, if it was not
there the question is why.<br>
<br>
Do you have any additional info on replica 26, when was
it created, was it disconnected for some time ??<br>
<br>
Ludwig<o:p></o:p></p>
<div>
<p class="MsoNormal">On 06/17/2015 08:13 AM, Alexander
Frolushkin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:windowtext"
lang="EN-US">Hello</span><span
style="color:windowtext">.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext"
lang="EN-US">Another example</span><span
style="color:windowtext">. </span><span
style="color:windowtext" lang="EN-US">Today appeared
on servers of different site.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext"
lang="EN-US">Original LDIF:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># extended LDIF</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">#</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># LDAPv3</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># base <cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru>
with scope subtree</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># filter: (objectclass=*)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># requesting: ALL</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">#</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># System: Manage Host Keytab,
permissions, pbac, unix.megafon.ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">dn: cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermTargetFilter:
(objectclass=ipahost)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermRight: write</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermBindRuleType: permission</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermissionType: V2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermissionType: MANAGED</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermissionType: SYSTEM</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">cn: System: Manage Host Keytab</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: ipapermission</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: top</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: groupofnames</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: ipapermissionv2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">member: cn=Host
Enrollment,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">member: cn=Host
Administrators,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermDefaultAttr: krbprincipalkey</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermDefaultAttr: krblastpwdchange</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermLocation:
cn=computers,cn=accounts,dc=unix,dc=megafon,dc=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># search result</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">search: 2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">result: 0 Success</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># numResponses: 2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># numEntries: 1</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext"
lang="EN-US">Duplicate:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># extended LDIF</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">#</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># LDAPv3</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># base <cn=System: Manage Host
Keytab+nsuniqueid=708bba65-14a611e5-8a48fd19-df27ff01,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru>
with scope subtree</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># filter: (objectclass=*)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># requesting: ALL</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">#</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># System: Manage Host Keytab +
708bba65-14a611e5-8a48fd19-df27ff01, permissio</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ns, pbac, unix.megafon.ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">dn: cn=System: Manage Host
Keytab+nsuniqueid=708bba65-14a611e5-8a48fd19-df27ff</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">01,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermTargetFilter:
(objectclass=ipahost)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermRight: write</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermBindRuleType: permission</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermissionType: V2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermissionType: MANAGED</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermissionType: SYSTEM</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">cn: System: Manage Host Keytab</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: ipapermission</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: top</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: groupofnames</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: ipapermissionv2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">member: cn=Host
Enrollment,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">member: cn=Host
Administrators,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermDefaultAttr: krbprincipalkey</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermDefaultAttr: krblastpwdchange</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermLocation:
cn=computers,cn=accounts,dc=unix,dc=megafon,dc=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># search result</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">search: 2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">result: 0 Success</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># numResponses: 2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># numEntries: 1</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">No other servers in IPA domain have
such duplicates.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt">WBR,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Alexander
Frolushkin</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Cell
+79232508764</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Work
+79232507764</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>
[<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">mailto:freeipa-users-bounces@redhat.com</a>]
<b>On Behalf Of </b>Ludwig Krispenz<br>
<b>Sent:</b> Tuesday, June 16, 2015 3:52 PM<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] replication
conflicts</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 06/16/2015 11:42 AM, Alexander
Frolushkin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US">Hello.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Just to remind
if somebody still not familiar with our IPA
installation </span><span
style="font-family:Wingdings" lang="EN-US">J</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">We currently
have 18 IPA servers in domain, on 8 sites in
different regions across the Russia.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">And now, our
new problem.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Regularly we
getting a nsds5ReplConflict records on some of our
servers, very often on servers from specific site.
Usually it is simply a doubles and we can remove
the renamed change to get everything back. But why
do we have them at all?</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">May be someone
could explain, how we can detect the cause of this
replication conflicts?</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt">if
you are talking about having two "duplicate"
entries, <br>
one: uid=xxxxx,<suffix><br>
one: nsuniqueid=nnnnnnnn+uid=xxxxx,<suffix><br>
<br>
these entries appear if the entry uid=xxxxx was
added, simultaneously, on two servers. I think this
can happen if a client tries to add an entry and if
it doesn't get a response in some time retries on
another server.<br>
to find out which client this is you need to check
on which servers the entries were originally added
and then see which client was doing it<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Sometime it is
moderately harmful, because, for example HBAC stops
working on specific server while doubles still
present.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Thanks in
forward…</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">WBR,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Alexander
Frolushkin</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Cell
+79232508764</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Work
+79232507764</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<div class="MsoNormal" style="text-align:center"
align="center"><span style="font-size:12.0pt">
<hr align="center" size="2" width="100%"> </span></div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:RU"><br>
Информация в этом сообщении предназначена
исключительно для конкретных лиц, которым она
адресована. В сообщении может содержаться
конфиденциальная информация, которая не может быть
раскрыта или использована кем-либо, кроме адресатов.
Если вы не адресат этого сообщения, то
использование, переадресация, копирование или
распространение содержания сообщения или его части
незаконно и запрещено. Если Вы получили это
сообщение ошибочно, пожалуйста, незамедлительно
сообщите отправителю об этом и удалите со всем
содержимым само сообщение и любые возможные его
копии и приложения.<br>
<br>
The information contained in this communication is
intended solely for the use of the individual or
entity to whom it is addressed and others authorized
to receive it. It may contain confidential or
legally privileged information. The contents may not
be disclosed or used by anyone other than the
addressee. If you are not the intended recipient(s),
any use, disclosure, copying, distribution or any
action taken or omitted to be taken in reliance on
it is prohibited and may be unlawful. If you have
received this communication in error please notify
us immediately by responding to this email and then
delete the e-mail and all attachments and any copies
thereof.<br>
<br>
(c)20mf50<br>
</span><span style="font-size:12.0pt"><br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<div class="MsoNormal" style="text-align:center"
align="center"><span style="font-size:12.0pt">
<hr align="center" size="2" width="100%"> </span></div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:RU"><br>
Информация в этом сообщении предназначена
исключительно для конкретных лиц, которым она
адресована. В сообщении может содержаться
конфиденциальная информация, которая не может быть
раскрыта или использована кем-либо, кроме адресатов.
Если вы не адресат этого сообщения, то
использование, переадресация, копирование или
распространение содержания сообщения или его части
незаконно и запрещено. Если Вы получили это
сообщение ошибочно, пожалуйста, незамедлительно
сообщите отправителю об этом и удалите со всем
содержимым само сообщение и любые возможные его
копии и приложения.<br>
<br>
The information contained in this communication is
intended solely for the use of the individual or
entity to whom it is addressed and others authorized
to receive it. It may contain confidential or
legally privileged information. The contents may not
be disclosed or used by anyone other than the
addressee. If you are not the intended recipient(s),
any use, disclosure, copying, distribution or any
action taken or omitted to be taken in reliance on
it is prohibited and may be unlawful. If you have
received this communication in error please notify
us immediately by responding to this email and then
delete the e-mail and all attachments and any copies
thereof.<br>
<br>
(c)20mf50</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU"><o:p> </o:p></span></p>
<div class="MsoNormal" style="text-align:center"
align="center"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU">
<hr align="center" size="2" width="100%"> </span></div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:RU"><br>
Информация в этом сообщении предназначена
исключительно для конкретных лиц, которым она
адресована. В сообщении может содержаться
конфиденциальная информация, которая не может быть
раскрыта или использована кем-либо, кроме адресатов.
Если вы не адресат этого сообщения, то использование,
переадресация, копирование или распространение
содержания сообщения или его части незаконно и
запрещено. Если Вы получили это сообщение ошибочно,
пожалуйста, незамедлительно сообщите отправителю об
этом и удалите со всем содержимым само сообщение и
любые возможные его копии и приложения.<br>
<br>
The information contained in this communication is
intended solely for the use of the individual or
entity to whom it is addressed and others authorized
to receive it. It may contain confidential or legally
privileged information. The contents may not be
disclosed or used by anyone other than the addressee.
If you are not the intended recipient(s), any use,
disclosure, copying, distribution or any action taken
or omitted to be taken in reliance on it is prohibited
and may be unlawful. If you have received this
communication in error please notify us immediately by
responding to this email and then delete the e-mail
and all attachments and any copies thereof.<br>
<br>
(c)20mf50<br>
</span><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU"><br>
<br>
<o:p></o:p></span></p>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU"><o:p> </o:p></span></p>
</div>
<br>
<hr> <font color="Gray" face="Arial" size="1"><br>
Информация в этом сообщении предназначена исключительно для
конкретных лиц, которым она адресована. В сообщении может
содержаться конфиденциальная информация, которая не может
быть раскрыта или использована кем-либо, кроме адресатов.
Если вы не адресат этого сообщения, то использование,
переадресация, копирование или распространение содержания
сообщения или его части незаконно и запрещено. Если Вы
получили это сообщение ошибочно, пожалуйста, незамедлительно
сообщите отправителю об этом и удалите со всем содержимым
само сообщение и любые возможные его копии и приложения.<br>
<br>
The information contained in this communication is intended
solely for the use of the individual or entity to whom it is
addressed and others authorized to receive it. It may
contain confidential or legally privileged information. The
contents may not be disclosed or used by anyone other than
the addressee. If you are not the intended recipient(s), any
use, disclosure, copying, distribution or any action taken
or omitted to be taken in reliance on it is prohibited and
may be unlawful. If you have received this communication in
error please notify us immediately by responding to this
email and then delete the e-mail and all attachments and any
copies thereof.<br>
<br>
(c)20mf50<br>
</font> </blockquote>
<br>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>