<html>
<head>
<meta content="text/html; charset=KOI8-R" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 06/17/2015 02:27 PM, Alexander
Frolushkin wrote:<br>
</div>
<blockquote
cite="mid:6a9ee184a0a549eab53054c5d71beb73@sib-ums03.Megafon.ru"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=KOI8-R">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Arial Narrow";
panose-1:2 11 6 6 2 2 2 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Текст выноски Знак";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:EN-US;}
span.a
{mso-style-name:"Текст выноски Знак";
mso-style-priority:99;
mso-style-link:"Текст выноски";
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:EN-US;}
span.10581
{mso-style-name:"&\#10581\,&\#10771\,&\#10821\,&\#10891\,&\#10901\,&\#10741\,&\#10991\,&\#10851\,&\#10861\,&\#10801\,&\#10471\,&\#10721";
mso-style-priority:99;
mso-style-link:"&\#1058\,&\#1077\,&\#1082\,&\#1089\,&\#1090\,&\#1074\,&\#1099\,&\#1085\,&\#1086\,&\#1080";
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:EN-US;}
p.1058, li.1058, div.1058
{mso-style-name:"&\#1058\,&\#1077\,&\#1082\,&\#1089\,&\#1090\,&\#1074\,&\#1099\,&\#1085\,&\#1086\,&\#1080";
mso-style-link:"&\#10581\,&\#10771\,&\#10821\,&\#10891\,&\#10901\,&\#10741\,&\#10991\,&\#10851\,&\#10861\,&\#10801\,&\#10471\,&\#10721";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle26
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle27
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle28
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle29
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Except:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">“unable
to decode: {replica 22} 5576b83e000200160000
5576ba4b000200160000<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">unable
to decode: {replica 20} 55716e57000300140000
55716e57000300140000<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">unable
to decode: {replica 16} 548a8126000000100000
548a8126000000100000<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">unable
to decode: {replica 24} 557fb7d4000400180000
557fb9a1001000180000<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">unable
to decode: {replica 21} 5576ac96000000150000
5576b52e000200150000”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">records,
all replicas are unique and have corresponding id’s.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Total
number of not “unable to decode” servers is equal to real
number of replicas in domain.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">I
can confirm some of cleanallruv processes was not finished
correctly after some replica remove.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Slapd
on replica id 10 last restarted yesterday 15:05 server local
time.</span></p>
</div>
</blockquote>
It was restarted 16/Jun/2015:15:05 and send the update one day after
!<br>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">[17/Jun/2015:14:39:46
+0600] conn=237 op=93 ADD dn="cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru"</span><o:p></o:p></p>
<span style="color:#1F497D" lang="EN-US">[17/Jun/2015:14:39:46
+0600] conn=237 op=93 RESULT err=0 tag=105 nentries=0 etime=0
csn=555ac936000000140000<br>
<br>
May be it was very very slow.<br>
<br>
</span>
<blockquote
cite="mid:6a9ee184a0a549eab53054c5d71beb73@sib-ums03.Megafon.ru"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">The
same question, may it help if I tomorrow will do
re-initialize all replicas from our relatively
good-conditioned site?</span></p>
</div>
</blockquote>
If you reinit all replicas, it will clear their CL so such very old
updates will no long exist.<br>
Now if it exists very slow replica (like replica10) that holds their
updates for long before replicating then it increases the
possibility of creating conflicts.<br>
<br>
<blockquote
cite="mid:6a9ee184a0a549eab53054c5d71beb73@sib-ums03.Megafon.ru"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Arial
Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU">WBR,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Arial
Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU">Alexander
Frolushkin<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Arial
Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU">Cell
+79232508764<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Arial
Narrow","sans-serif";color:#1F497D;mso-fareast-language:RU">Work
+79232507764<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
thierry bordaz [<a class="moz-txt-link-freetext" href="mailto:tbordaz@redhat.com">mailto:tbordaz@redhat.com</a>] <br>
<b>Sent:</b> Wednesday, June 17, 2015 6:16 PM<br>
<b>To:</b> Alexander Frolushkin (SIB)<br>
<b>Cc:</b> 'Ludwig Krispenz'; <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] replication
conflicts<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><br>
On 06/17/2015 01:38 PM, Alexander Frolushkin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Ok,
I’ll try this soon, thank you!</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Also,
please note, most of today dups appeared when 4 of 19
servers was very busy in IO (all our servers are VMs),
because dirsrv debug was enabled to gather logs for our
case about
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext"
lang="EN-US">attrlist_replace - attr_replace
(nsslapd-referral,
<a moz-do-not-send="true"
href="ldap://xxx-rhidm0x.unix.megafon.ru:389/o%3Dipaca">ldap://xxx-rhidm0x.unix.megafon.ru:389/o%3Dipaca</a>)
failed.
</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU"><br>
This message comes if you have duplicated ReplicaID.
'list-ruv' would show you a same url appearing several times
with different RID.<br>
<br>
To be back on the original problem (dup), I wonder if it is
not related to cleanruv/corrupted RUV.<br>
</span><span style="font-size:12.0pt;font-family:"Times
New
Roman","serif";color:#1F497D;mso-fareast-language:RU"
lang="EN-US"><br>
A new replica26 is created and is initialized from a master
and it does not contain
</span><span style="font-size:12.0pt;font-family:"Times
New Roman","serif";mso-fareast-language:RU">entry
</span><span style="font-size:12.0pt;font-family:"Times
New
Roman","serif";color:#1F497D;mso-fareast-language:RU"
lang="EN-US">555ac936000000140000. That allows the creation
of
</span><span style="font-size:12.0pt;font-family:"Times
New Roman","serif";mso-fareast-language:RU"><br>
</span><span style="font-size:12.0pt;font-family:"Times
New
Roman","serif";color:#1F497D;mso-fareast-language:RU"
lang="EN-US">5580f3210000001a0000.<br>
Then replica10 sends 555ac936000000140000 to replica26. That
means that changelog/ruv of replica10 contained that update,
so either cleanallruv20 did not happen on replica10 or fail
to clean its CL.<br>
<br>
Replica10 has a very old update that was not known from the
master used to init replica26.<br>
Was replica10 restarted recently.<br>
<br>
thanks<br>
theirry<br>
<br>
</span><span style="font-size:12.0pt;font-family:"Times
New Roman","serif";mso-fareast-language:RU"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">errors</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Also
during collection some of dirsrv instances hangs and was
restarted.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt"
lang="EN-US">WBR,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt"
lang="EN-US">Alexander Frolushkin</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt"
lang="EN-US">Cell +79232508764</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt"
lang="EN-US">Work +79232507764</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
Ludwig Krispenz [<a moz-do-not-send="true"
href="mailto:lkrispen@redhat.com">mailto:lkrispen@redhat.com</a>]
<br>
<b>Sent:</b> Wednesday, June 17, 2015 5:34 PM<br>
<b>To:</b> Alexander Frolushkin (SIB)<br>
<b>Cc:</b> 'thierry bordaz'; <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] replication
conflicts</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 06/17/2015 12:57 PM, Alexander
Frolushkin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Unfortunately,
number of duplicates grows dramatically on most sites.
Some servers already have over 40 duplicates.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Could
you please say, may I use re-initialize on falling replica
from the good one to fix this?</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt">If you have
a good one, this should work, "dups" are only created when a
replicated ADD is received for an existing entry.
<br>
But what really puzzles me is that you do not have them on
all servers, something weird seems to happen, this entry
seems to exist whit several replicaids, and why would
replica 10 replicate this 4 hrs after the replica
installation.
<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt">WBR,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Alexander
Frolushkin</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Cell
+79232508764</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Work
+79232507764</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
Ludwig Krispenz [<a moz-do-not-send="true"
href="mailto:lkrispen@redhat.com">mailto:lkrispen@redhat.com</a>]
<br>
<b>Sent:</b> Wednesday, June 17, 2015 4:35 PM<br>
<b>To:</b> Alexander Frolushkin (SIB)<br>
<b>Cc:</b> 'thierry bordaz'; <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] replication
conflicts</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">conn=237 is
from <span style="color:#1F497D" lang="EN-US">
10.99.75.82 which replica is this ?</span><o:p></o:p></p>
<div>
<p class="MsoNormal">On 06/17/2015 12:13 PM, Alexander
Frolushkin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">This
is not a good news, because replica id 20 is not exist for
a some days already. It was recreated and now have id 23</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt">WBR,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Alexander
Frolushkin</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Cell
+79232508764</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Work
+79232507764</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
thierry bordaz [<a moz-do-not-send="true"
href="mailto:tbordaz@redhat.com">mailto:tbordaz@redhat.com</a>]
<br>
<b>Sent:</b> Wednesday, June 17, 2015 4:10 PM<br>
<b>To:</b> Alexander Frolushkin (SIB)<br>
<b>Cc:</b> 'Ludwig Krispenz'; <a
moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] replication
conflicts</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 06/17/2015 11:56 AM, Alexander
Frolushkin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">Will this be enough?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># grep "conn=237 op=93" ./access</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">[17/Jun/2015:14:39:46 +0600] conn=237 op=93
ADD dn="cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru"</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">[17/Jun/2015:14:39:46 +0600] conn=237 op=93
RESULT err=0 tag=105 nentries=0 etime=0
csn=555ac936000000140000</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt">This
operation is a replicated one and the CSN is from May
19th. So why a replica (26) created today was initialized
without that entry ?
<br>
This updates was originated from replica20. Was it stopped
and restarted recently ?<br>
<br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">#
grep "conn=293" ./access</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">[17/Jun/2015:15:33:04
+0600] conn=293 fd=75 slot=75 connection from 10.99.75.82
to 10.61.8.2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">[17/Jun/2015:15:33:04
+0600] conn=293 op=0 BIND dn="" method=sasl version=3
mech=GSSAPI</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">[17/Jun/2015:15:33:04
+0600] conn=293 op=0 RESULT err=14 tag=97 nentries=0
etime=0, SASL bind in progress</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">[17/Jun/2015:15:33:04
+0600] conn=293 op=1 BIND dn="" method=sasl version=3
mech=GSSAPI</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">[17/Jun/2015:15:33:04
+0600] conn=293 op=1 RESULT err=14 tag=97 nentries=0
etime=0, SASL bind in progress</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">[17/Jun/2015:15:33:04
+0600] conn=293 op=2 BIND dn="" method=sasl version=3
mech=GSSAPI</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">[17/Jun/2015:15:33:04
+0600] conn=293 op=2 RESULT err=0 tag=97 nentries=0
etime=0 dn=<a moz-do-not-send="true"
href="mailto:krbprincipalname=ldap/msk-rhidm-03.unix.megafon.ru@unix.megafon.ru,cn=services,cn=accounts,dc=unix,dc=megafon,dc=ru">"krbprincipalname=ldap/msk-rhidm-03.unix.megafon.ru@unix.megafon.ru,cn=services,cn=accounts,dc=unix,dc=megafon,dc=ru"</a></span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt">WBR,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Alexander
Frolushkin</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Cell
+79232508764</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Work
+79232507764</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
Ludwig Krispenz [<a moz-do-not-send="true"
href="mailto:lkrispen@redhat.com">mailto:lkrispen@redhat.com</a>]
<br>
<b>Sent:</b> Wednesday, June 17, 2015 3:53 PM<br>
<b>To:</b> thierry bordaz<br>
<b>Cc:</b> Alexander Frolushkin (SIB); <a
moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] replication
conflicts</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 06/17/2015 11:45 AM, thierry bordaz
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><br>
On 06/17/2015 11:22 AM, Alexander Frolushkin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">This was a usual “ipa-replica-install
--setup-ca --setup-dns” and after that
ipa-adtrust-install.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">No DEL found:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># grep "cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru"
./access</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">[17/Jun/2015:10:08:01 +0600] conn=2 op=89
SRCH base="cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru"
scope=0 filter="(objectClass=*)" attrs="ipaPermRight
ipaPermTargetFilter ipaPermBindRuleType
ipaPermissionType cn objectClass memberOf member
ipaPermTarget ipaPermDefaultAttr ipaPermLocation
ipaPermIncludedAttr ipaPermExcludedAttr"</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">[17/Jun/2015:10:08:01 +0600] conn=2 op=91
ADD dn="cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru"</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt"><br>
There is something I miss. </span><span
style="font-size:12.0pt" lang="EN-US">conn=2 op=91 was a
direct update on replica26 (not replicated) because it
received its own CSN=5580f3210000001a0000. But it
created a conflict entry, so at that time it existed the
same entry (the one created 20150408070720Z) . So the
direct update should have been rejected.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt">I think
the search in op=89 did not return an entry, so it was
added in op 91, that seems to be ok, but then 4 hrs later
there is conn=237 adding it again.<br>
<br>
Alexander,<br>
<br>
could you get the complete </span><span
style="font-size:12.0pt" lang="EN-US">'conn=237 op=93' and
also the start of conn 293, to show where teh connection
comes from<br>
<br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"
lang="EN-US"><br>
Would you check if the replicaID=26 is unique in the
topology (list-ruv for example) ?<br>
<br>
<br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">[17/Jun/2015:14:39:46
+0600] conn=237 op=93 ADD dn="cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru"</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">It
is also possible this entry on affected servers was
previously duplicated and not correctly managed to delete
(more recent dup was deleted).
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Is
there any natural way to fix such issues? Maybe
ipa-replica-manage force-sync, or ipa-replica-manage
re-initialize on affected site servers from normal servers
could help?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt"
lang="EN-US">WBR,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt"
lang="EN-US">Alexander Frolushkin</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt"
lang="EN-US">Cell +79232508764</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt"
lang="EN-US">Work +79232507764</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
thierry bordaz [<a moz-do-not-send="true"
href="mailto:tbordaz@redhat.com">mailto:tbordaz@redhat.com</a>]
<br>
<b>Sent:</b> Wednesday, June 17, 2015 3:15 PM<br>
<b>To:</b> Alexander Frolushkin (SIB)<br>
<b>Cc:</b> 'Ludwig Krispenz'; <a
moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] replication
conflicts</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">Hello Alexander,<br>
<br>
How did you initialize that new replica 26.<br>
Either '<span style="color:#1F497D" lang="EN-US">cn=System:
Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru'</span>
was not part of the total init data, or a DEL of that
entry happened on replica 26 (before a new ADD) but the
DEL was not replicated to replica12.<br>
Would you check in replica26 access logs if that entry was
deleted ?<br>
<br>
thanks<br>
theirry<br>
<br>
On 06/17/2015 11:03 AM, Alexander Frolushkin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">This is correct, thank you for
understanding and for helping!</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">Replica with id 26 was created today, this
is our new server which was included in domain just a
few hours ago. Looks like this dup came right after this
new replica creation.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt">WBR,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Alexander
Frolushkin</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Cell
+79232508764</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Work
+79232507764</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
Ludwig Krispenz [<a moz-do-not-send="true"
href="mailto:lkrispen@redhat.com">mailto:lkrispen@redhat.com</a>]
<br>
<b>Sent:</b> Wednesday, June 17, 2015 2:58 PM<br>
<b>To:</b> Alexander Frolushkin (SIB)<br>
<b>Cc:</b> <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] replication
conflicts</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi,<br>
<br>
you did send the data directly to me, maybe not wanting to
share them to everyone. I'll continue discussion here,
trying to be careful.<br>
<br>
The "good" entry was created in April on replica 12 "0x0c"<br>
<span style="color:#1F497D" lang="EN-US">createTimestamp;vucsn-5524d42b0067000c0000:
20150408070720Z<br>
<br>
the "nsuniqueid" entry was created today on replica 26
"0x1a"<br>
createTimestamp;vucsn-5580f3210000001a0000:
20150617040801Z</span><br>
<br>
if the original entry would have existed on replica26 the
new add should have been rejected, if it was not there the
question is why.<br>
<br>
Do you have any additional info on replica 26, when was it
created, was it disconnected for some time ??<br>
<br>
Ludwig<o:p></o:p></p>
<div>
<p class="MsoNormal">On 06/17/2015 08:13 AM, Alexander
Frolushkin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:windowtext"
lang="EN-US">Hello</span><span
style="color:windowtext">.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext"
lang="EN-US">Another example</span><span
style="color:windowtext">.
</span><span style="color:windowtext" lang="EN-US">Today
appeared on servers of different site.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext"
lang="EN-US">Original LDIF:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># extended LDIF</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">#</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># LDAPv3</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># base <cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru>
with scope subtree</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># filter: (objectclass=*)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># requesting: ALL</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">#</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># System: Manage Host Keytab,
permissions, pbac, unix.megafon.ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">dn: cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermTargetFilter:
(objectclass=ipahost)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermRight: write</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermBindRuleType: permission</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermissionType: V2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermissionType: MANAGED</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermissionType: SYSTEM</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">cn: System: Manage Host Keytab</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: ipapermission</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: top</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: groupofnames</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: ipapermissionv2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">member: cn=Host
Enrollment,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">member: cn=Host
Administrators,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermDefaultAttr: krbprincipalkey</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermDefaultAttr: krblastpwdchange</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermLocation:
cn=computers,cn=accounts,dc=unix,dc=megafon,dc=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># search result</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">search: 2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">result: 0 Success</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># numResponses: 2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># numEntries: 1</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext"
lang="EN-US">Duplicate:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># extended LDIF</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">#</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># LDAPv3</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># base <cn=System: Manage Host
Keytab+nsuniqueid=708bba65-14a611e5-8a48fd19-df27ff01,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru>
with scope subtree</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># filter: (objectclass=*)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># requesting: ALL</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">#</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># System: Manage Host Keytab +
708bba65-14a611e5-8a48fd19-df27ff01, permissio</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ns, pbac, unix.megafon.ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">dn: cn=System: Manage Host
Keytab+nsuniqueid=708bba65-14a611e5-8a48fd19-df27ff</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">01,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermTargetFilter:
(objectclass=ipahost)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermRight: write</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermBindRuleType: permission</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermissionType: V2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermissionType: MANAGED</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermissionType: SYSTEM</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">cn: System: Manage Host Keytab</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: ipapermission</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: top</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: groupofnames</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">objectClass: ipapermissionv2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">member: cn=Host
Enrollment,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">member: cn=Host
Administrators,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermDefaultAttr: krbprincipalkey</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermDefaultAttr: krblastpwdchange</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">ipaPermLocation:
cn=computers,cn=accounts,dc=unix,dc=megafon,dc=ru</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># search result</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">search: 2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">result: 0 Success</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># numResponses: 2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"># numEntries: 1</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">No other servers in IPA domain have such
duplicates.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt">WBR,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Alexander
Frolushkin</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Cell
+79232508764</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Work
+79232507764</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>
[<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">mailto:freeipa-users-bounces@redhat.com</a>]
<b>On Behalf Of </b>Ludwig Krispenz<br>
<b>Sent:</b> Tuesday, June 16, 2015 3:52 PM<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] replication
conflicts</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 06/16/2015 11:42 AM, Alexander
Frolushkin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US">Hello.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Just to remind
if somebody still not familiar with our IPA
installation
</span><span style="font-family:Wingdings"
lang="EN-US">J</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">We currently
have 18 IPA servers in domain, on 8 sites in
different regions across the Russia.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">And now, our new
problem.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Regularly we
getting a nsds5ReplConflict records on some of our
servers, very often on servers from specific site.
Usually it is simply a doubles and we can remove the
renamed change to get everything back. But why do we
have them at all?</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">May be someone
could explain, how we can detect the cause of this
replication conflicts?</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt">if you
are talking about having two "duplicate" entries,
<br>
one: uid=xxxxx,<suffix><br>
one: nsuniqueid=nnnnnnnn+uid=xxxxx,<suffix><br>
<br>
these entries appear if the entry uid=xxxxx was added,
simultaneously, on two servers. I think this can
happen if a client tries to add an entry and if it
doesn't get a response in some time retries on another
server.<br>
to find out which client this is you need to check on
which servers the entries were originally added and
then see which client was doing it<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Sometime it is
moderately harmful, because, for example HBAC stops
working on specific server while doubles still
present.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Thanks in forward…</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">WBR,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Alexander
Frolushkin</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Cell
+79232508764</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Work
+79232507764</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<div class="MsoNormal" style="text-align:center"
align="center"><span style="font-size:12.0pt">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:RU"><br>
Информация в этом сообщении предназначена
исключительно для конкретных лиц, которым она
адресована. В сообщении может содержаться
конфиденциальная информация, которая не может быть
раскрыта или использована кем-либо, кроме адресатов.
Если вы не адресат этого сообщения, то использование,
переадресация, копирование или распространение
содержания сообщения или его части незаконно и
запрещено. Если Вы получили это сообщение ошибочно,
пожалуйста, незамедлительно сообщите отправителю об
этом и удалите со всем содержимым само сообщение и
любые возможные его копии и приложения.<br>
<br>
The information contained in this communication is
intended solely for the use of the individual or
entity to whom it is addressed and others authorized
to receive it. It may contain confidential or legally
privileged information. The contents may not be
disclosed or used by anyone other than the addressee.
If you are not the intended recipient(s), any use,
disclosure, copying, distribution or any action taken
or omitted to be taken in reliance on it is prohibited
and may be unlawful. If you have received this
communication in error please notify us immediately by
responding to this email and then delete the e-mail
and all attachments and any copies thereof.<br>
<br>
(c)20mf50<br>
</span><span style="font-size:12.0pt"><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<div class="MsoNormal" style="text-align:center"
align="center"><span style="font-size:12.0pt">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:RU"><br>
Информация в этом сообщении предназначена
исключительно для конкретных лиц, которым она
адресована. В сообщении может содержаться
конфиденциальная информация, которая не может быть
раскрыта или использована кем-либо, кроме адресатов.
Если вы не адресат этого сообщения, то использование,
переадресация, копирование или распространение
содержания сообщения или его части незаконно и
запрещено. Если Вы получили это сообщение ошибочно,
пожалуйста, незамедлительно сообщите отправителю об
этом и удалите со всем содержимым само сообщение и
любые возможные его копии и приложения.<br>
<br>
The information contained in this communication is
intended solely for the use of the individual or
entity to whom it is addressed and others authorized
to receive it. It may contain confidential or legally
privileged information. The contents may not be
disclosed or used by anyone other than the addressee.
If you are not the intended recipient(s), any use,
disclosure, copying, distribution or any action taken
or omitted to be taken in reliance on it is prohibited
and may be unlawful. If you have received this
communication in error please notify us immediately by
responding to this email and then delete the e-mail
and all attachments and any copies thereof.<br>
<br>
(c)20mf50</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<div class="MsoNormal" style="text-align:center"
align="center"><span style="font-size:12.0pt">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:RU"><br>
Информация в этом сообщении предназначена исключительно
для конкретных лиц, которым она адресована. В сообщении
может содержаться конфиденциальная информация, которая
не может быть раскрыта или использована кем-либо, кроме
адресатов. Если вы не адресат этого сообщения, то
использование, переадресация, копирование или
распространение содержания сообщения или его части
незаконно и запрещено. Если Вы получили это сообщение
ошибочно, пожалуйста, незамедлительно сообщите
отправителю об этом и удалите со всем содержимым само
сообщение и любые возможные его копии и приложения.<br>
<br>
The information contained in this communication is
intended solely for the use of the individual or entity
to whom it is addressed and others authorized to receive
it. It may contain confidential or legally privileged
information. The contents may not be disclosed or used
by anyone other than the addressee. If you are not the
intended recipient(s), any use, disclosure, copying,
distribution or any action taken or omitted to be taken
in reliance on it is prohibited and may be unlawful. If
you have received this communication in error please
notify us immediately by responding to this email and
then delete the e-mail and all attachments and any
copies thereof.<br>
<br>
(c)20mf50<br>
</span><span style="font-size:12.0pt"><br>
<br>
<br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<div class="MsoNormal" style="text-align:center"
align="center"><span style="font-size:12.0pt">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:RU"><br>
Информация в этом сообщении предназначена исключительно
для конкретных лиц, которым она адресована. В сообщении
может содержаться конфиденциальная информация, которая не
может быть раскрыта или использована кем-либо, кроме
адресатов. Если вы не адресат этого сообщения, то
использование, переадресация, копирование или
распространение содержания сообщения или его части
незаконно и запрещено. Если Вы получили это сообщение
ошибочно, пожалуйста, незамедлительно сообщите отправителю
об этом и удалите со всем содержимым само сообщение и
любые возможные его копии и приложения.<br>
<br>
The information contained in this communication is
intended solely for the use of the individual or entity to
whom it is addressed and others authorized to receive it.
It may contain confidential or legally privileged
information. The contents may not be disclosed or used by
anyone other than the addressee. If you are not the
intended recipient(s), any use, disclosure, copying,
distribution or any action taken or omitted to be taken in
reliance on it is prohibited and may be unlawful. If you
have received this communication in error please notify us
immediately by responding to this email and then delete
the e-mail and all attachments and any copies thereof.<br>
<br>
(c)20mf50</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<div class="MsoNormal" style="text-align:center"
align="center"><span style="font-size:12.0pt">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:RU"><br>
Информация в этом сообщении предназначена исключительно
для конкретных лиц, которым она адресована. В сообщении
может содержаться конфиденциальная информация, которая не
может быть раскрыта или использована кем-либо, кроме
адресатов. Если вы не адресат этого сообщения, то
использование, переадресация, копирование или
распространение содержания сообщения или его части
незаконно и запрещено. Если Вы получили это сообщение
ошибочно, пожалуйста, незамедлительно сообщите отправителю
об этом и удалите со всем содержимым само сообщение и
любые возможные его копии и приложения.<br>
<br>
The information contained in this communication is
intended solely for the use of the individual or entity to
whom it is addressed and others authorized to receive it.
It may contain confidential or legally privileged
information. The contents may not be disclosed or used by
anyone other than the addressee. If you are not the
intended recipient(s), any use, disclosure, copying,
distribution or any action taken or omitted to be taken in
reliance on it is prohibited and may be unlawful. If you
have received this communication in error please notify us
immediately by responding to this email and then delete
the e-mail and all attachments and any copies thereof.<br>
<br>
(c)20mf50</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<div class="MsoNormal" style="text-align:center"
align="center"><span style="font-size:12.0pt">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:RU"><br>
Информация в этом сообщении предназначена исключительно
для конкретных лиц, которым она адресована. В сообщении
может содержаться конфиденциальная информация, которая не
может быть раскрыта или использована кем-либо, кроме
адресатов. Если вы не адресат этого сообщения, то
использование, переадресация, копирование или
распространение содержания сообщения или его части
незаконно и запрещено. Если Вы получили это сообщение
ошибочно, пожалуйста, незамедлительно сообщите отправителю
об этом и удалите со всем содержимым само сообщение и
любые возможные его копии и приложения.<br>
<br>
The information contained in this communication is
intended solely for the use of the individual or entity to
whom it is addressed and others authorized to receive it.
It may contain confidential or legally privileged
information. The contents may not be disclosed or used by
anyone other than the addressee. If you are not the
intended recipient(s), any use, disclosure, copying,
distribution or any action taken or omitted to be taken in
reliance on it is prohibited and may be unlawful. If you
have received this communication in error please notify us
immediately by responding to this email and then delete
the e-mail and all attachments and any copies thereof.<br>
<br>
(c)20mf50</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<div class="MsoNormal" style="text-align:center" align="center"><span
style="font-size:12.0pt">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:RU"><br>
Информация в этом сообщении предназначена исключительно для
конкретных лиц, которым она адресована. В сообщении может
содержаться конфиденциальная информация, которая не может
быть раскрыта или использована кем-либо, кроме адресатов.
Если вы не адресат этого сообщения, то использование,
переадресация, копирование или распространение содержания
сообщения или его части незаконно и запрещено. Если Вы
получили это сообщение ошибочно, пожалуйста, незамедлительно
сообщите отправителю об этом и удалите со всем содержимым
само сообщение и любые возможные его копии и приложения.<br>
<br>
The information contained in this communication is intended
solely for the use of the individual or entity to whom it is
addressed and others authorized to receive it. It may
contain confidential or legally privileged information. The
contents may not be disclosed or used by anyone other than
the addressee. If you are not the intended recipient(s), any
use, disclosure, copying, distribution or any action taken
or omitted to be taken in reliance on it is prohibited and
may be unlawful. If you have received this communication in
error please notify us immediately by responding to this
email and then delete the e-mail and all attachments and any
copies thereof.<br>
<br>
(c)20mf50</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU"><o:p> </o:p></span></p>
<div class="MsoNormal" style="text-align:center" align="center"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:RU"><br>
Информация в этом сообщении предназначена исключительно для
конкретных лиц, которым она адресована. В сообщении может
содержаться конфиденциальная информация, которая не может
быть раскрыта или использована кем-либо, кроме адресатов.
Если вы не адресат этого сообщения, то использование,
переадресация, копирование или распространение содержания
сообщения или его части незаконно и запрещено. Если Вы
получили это сообщение ошибочно, пожалуйста, незамедлительно
сообщите отправителю об этом и удалите со всем содержимым
само сообщение и любые возможные его копии и приложения.<br>
<br>
The information contained in this communication is intended
solely for the use of the individual or entity to whom it is
addressed and others authorized to receive it. It may
contain confidential or legally privileged information. The
contents may not be disclosed or used by anyone other than
the addressee. If you are not the intended recipient(s), any
use, disclosure, copying, distribution or any action taken
or omitted to be taken in reliance on it is prohibited and
may be unlawful. If you have received this communication in
error please notify us immediately by responding to this
email and then delete the e-mail and all attachments and any
copies thereof.<br>
<br>
(c)20mf50</span><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU"><o:p> </o:p></span></p>
</div>
<br>
<hr>
<font color="Gray" face="Arial" size="1"><br>
Информация в этом сообщении предназначена исключительно для
конкретных лиц, которым она адресована. В сообщении может
содержаться конфиденциальная информация, которая не может быть
раскрыта или использована кем-либо, кроме адресатов. Если вы не
адресат этого сообщения, то использование, переадресация,
копирование или распространение содержания сообщения или его
части незаконно и запрещено. Если Вы получили это сообщение
ошибочно, пожалуйста, незамедлительно сообщите отправителю об
этом и удалите со всем содержимым само сообщение и любые
возможные его копии и приложения.<br>
<br>
The information contained in this communication is intended
solely for the use of the individual or entity to whom it is
addressed and others authorized to receive it. It may contain
confidential or legally privileged information. The contents may
not be disclosed or used by anyone other than the addressee. If
you are not the intended recipient(s), any use, disclosure,
copying, distribution or any action taken or omitted to be taken
in reliance on it is prohibited and may be unlawful. If you have
received this communication in error please notify us
immediately by responding to this email and then delete the
e-mail and all attachments and any copies thereof.<br>
<br>
(c)20mf50<br>
</font>
</blockquote>
<br>
</body>
</html>