Hi, Please have a look at dirsrv's logs for replication issues when you add an entry.
François On Mon, Jul 5, 2021 at 9:31 AM Kees Bakker via FreeIPA-users <[email protected]> wrote: > > Hi Flo, > > Do you perhaps have another hint what I can check? > > On 01-07-2021 21:44, Kees Bakker via FreeIPA-users wrote: > > Hi Flo, > > No there are none. > > All three servers report: > search: 2 > result: 0 Success > > On 01-07-2021 21:01, Florence Renaud wrote: > > Hi Kees, > can you also check if there are replication conflict entries? On each server: > export BASEDN=<basedn value from /etc/ipa/default.conf> > ldapsearch -D "cn=Directory Manager" -W -b $BASEDN > "(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))" \* nsds5ReplConflict > > flo > > On Thu, Jul 1, 2021 at 2:35 PM Rob Crittenden via FreeIPA-users > <[email protected]> wrote: >> >> Kees Bakker via FreeIPA-users wrote: >> > Hey, >> > >> > In two of my three masters I see these error messages. >> > >> > Jul 01 09:38:38 linge.ghs.nl named-pkcs11[6945]: bug in >> > ldap_entry_reconstruct(): protocol violation: attempt to reconstruct >> > non-existing entry >> > Jul 01 09:38:38 linge.ghs.nl named-pkcs11[6945]: ldap_sync_search_entry >> > failed: not found >> > >> > It also so happens that DNS is not updated on these two systems. >> > We only use one master to update DNS, either via the web interface >> > or via DHCP-update. These changes are correctly found in LDAP, on >> > all three systems. However, the two other nameservers don't pick >> > up the changes. >> > >> > There are no "syncrepl_update" messages in the log (after increasing >> > trace level with rndc trace 10). >> > >> > To be honest, I don't know if the above errors are related to the missing >> > updates. I'm grasping at straws here. >> > Something is seriously wrong, but what? How can I debug this further? >> > >> > The two failing systems run CentOS 8 Stream. Some rpm info: >> > 389-ds-base-1.4.3.16-8.module_el8.4.0+644+ed25d39e.x86_64 >> > ipa-server-4.9.2-3.module_el8.5.0+750+c59b186b.x86_64 >> >> I don't really do DNS but both of these messages come from >> bind-dyndb-ldap, the LDAP backend for bind. >> >> There is slightly more syncrepl logging at level 20, but only slightly more. >> >> rob >> _______________________________________________ >> FreeIPA-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >> Do not reply to spam on the list, report it: >> https://pagure.io/fedora-infrastructure > > > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
