Dear list,

I ran into a replication and id-range issue recently and need a hint. I upgraded from FreeIPA 3.0 to 4.x a couple of months ago, and everything ran fine. The configuration is

o201:    4.5 master server
poolsrv: 4.5 replica server

Then I noticed that new accounts got UIDs starting after around 1100 (instead of after 150600000 as it used to be) and data changes (new passwords, etc.) weren't propagated from replica to master (it works the other way round, though). I'm unsure if these two problems are related to each other.

Logs on the replica server showed:

---
Oct  1 12:51:25 poolsrv ns-slapd: [01/Oct/2017:12:51:25.971742707 +0200] - ERR - 
NSMMReplicationPlugin - send_updates - agmt="cn=meToo201.example.org" 
(o201:389): Data required to update replica has been purged from the changelog. If the 
error persists the replica must be reinitialized.
Oct  1 12:51:28 poolsrv ns-slapd: [01/Oct/2017:12:51:28.997226017 +0200] - ERR - 
agmt="cn=meToo201.example.org" (o201:389) - clcache_load_buffer - Can't locate 
CSN 59ce5686000200070000 in the changelog (DB rc=-30988). If replication stops, the 
consumer may need to be reinitialized.
Oct  1 12:51:29 poolsrv ns-slapd: [01/Oct/2017:12:51:29.029970733 +0200] - ERR - 
NSMMReplicationPlugin - changelog program - repl_plugin_name_cl - 
agmt="cn=meToo201.example.org" (o201:389): CSN 59ce5686000200070000 not found, 
we aren't as up to date, or we purged
Oct  1 12:51:29 poolsrv ns-slapd: [01/Oct/2017:12:51:29.050568545 +0200] - ERR - 
NSMMReplicationPlugin - send_updates - agmt="cn=meToo201.example.org" 
(o201:389): Data required to update replica has been purged from the changelog. If the 
error persists the replica must be reinitialized.
---

I did a

---
ipa-replica-manage re-initialize --from o201.example.org
---

on the replica server and the errors in the logs went away - the problems (both) didn't, unfortunately.

The logs now show

---
Oct  1 18:45:44 poolsrv ns-slapd: [01/Oct/2017:18:45:44.794912092 +0200] - ERR 
- find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 522]: Cannot 
convert Posix ID [1103] into an unused SID.
Oct  1 18:45:44 poolsrv ns-slapd: [01/Oct/2017:18:45:44.851503923 +0200] - ERR 
- ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 149]: Cannot add SID to new 
entry.

Oct  1 18:46:53 o201 ns-slapd: [01/Oct/2017:18:46:53.360717035 +0200] - ERR - 
find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 522]: Cannot convert 
Posix ID [1106] into an unused SID.
Oct  1 18:46:53 o201 ns-slapd: [01/Oct/2017:18:46:53.361100457 +0200] - ERR - 
ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 149]: Cannot add SID to new 
entry.
---

Further information:

---
root@o201:~# ipa idrange-find
---------------
1 range matched
---------------
  Range name: EXAMPLE.ORG_id_range
  First Posix ID of the range: 150600000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 1000
  First RID of the secondary RID range: 100000000
  Range type: local domain range
----------------------------
Number of entries returned 1
----------------------------

root@o201:~# ipa-replica-manage dnarange-show
o201.example.org: 1108-5000
poolsrv.example.org: 1105-5000
---

The latter looks broken. The above output is identical on both the master and the replica server. "ipactl status" shows all services running on both servers.


Best regards,

--Daniel.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
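
Added example, not part of the original post: a consistency check of the DNA ranges and the logged POSIX IDs against the ID range, using the command output quoted in the message. The function names are hypothetical, and the RID calculation (first RID plus offset into the range) is an assumption about how an in-range ID maps to a RID.

```python
import re

# Output copied from the post above (log lines abbreviated to the message text).
IDRANGE_OUTPUT = """\
  Range name: EXAMPLE.ORG_id_range
  First Posix ID of the range: 150600000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 1000
"""
DNARANGE_OUTPUT = """\
o201.example.org: 1108-5000
poolsrv.example.org: 1105-5000
"""
SIDGEN_LOG = """\
... Cannot convert Posix ID [1103] into an unused SID.
... Cannot convert Posix ID [1106] into an unused SID.
"""

def parse_idrange(text):
    """Return (first_id, last_id, first_rid) from `ipa idrange-find` output."""
    def field(label):
        return int(re.search(rf"{label}:\s*(\d+)", text).group(1))
    first = field("First Posix ID of the range")
    size = field("Number of IDs in the range")
    return first, first + size - 1, field("First RID of the corresponding RID range")

def parse_dnaranges(text):
    """Return {host: (low, high)} from `ipa-replica-manage dnarange-show` output."""
    return {m[1]: (int(m[2]), int(m[3]))
            for m in re.finditer(r"^(\S+):\s*(\d+)-(\d+)\s*$", text, re.M)}

def dna_outside_idrange(idrange, dnaranges):
    """Hosts whose DNA range is not fully contained in the ID range."""
    first, last, _ = idrange
    return sorted(h for h, (lo, hi) in dnaranges.items() if lo < first or hi > last)

def rid_for(idrange, posix_id):
    """Assumed mapping: RID = first RID + offset into the range; None if outside."""
    first, last, first_rid = idrange
    return first_rid + (posix_id - first) if first <= posix_id <= last else None

if __name__ == "__main__":
    rng = parse_idrange(IDRANGE_OUTPUT)
    print("DNA ranges outside ID range:",
          dna_outside_idrange(rng, parse_dnaranges(DNARANGE_OUTPUT)))
    for uid in map(int, re.findall(r"Posix ID \[(\d+)\]", SIDGEN_LOG)):
        print(uid, "-> RID", rid_for(rng, uid))
```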
