Hi,

ohm_admins.ldif and curie_admins.ldif attached. I added a '-h $hostname' to the command to ensure that I queried both servers. The results look identical to me, apart from the ordering.

Thanks,

Dan

On Wed, Oct 6, 2010 at 15:34, Rob Crittenden <rcrit...@redhat.com> wrote:
> Dan Scott wrote:
>>
>> Hi,
>>
>> On Wed, Oct 6, 2010 at 11:32, Simo Sorce<sso...@redhat.com> wrote:
>>>
>>> On Wed, 6 Oct 2010 10:26:48 -0400
>>> Dan Scott<danieljamessc...@gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I have master and slave FreeIPA servers. I recently upgraded the slave
>>>> by wiping, re-installing Fedora 13 and re-creating the replication
>>>> using ipa-replica-prepare and ipa-replica-install.
>>>>
>>>> For some reason, the slave is having difficulty replicating the
>>>> memberOf attribute. I can attach an LDAP viewer to the replica, and
>>>> view the schema, but the memberOf attributes are missing. Also, the
>>>> master server contains the lines:
>>>>
>>>> - Entry "cn=admins,cn=groups,cn=accounts,dc=example,dc=com" --
>>>> attribute "memberOf" not allowed
>>>> NSMMReplicationPlugin - repl_set_mtn_referrals: could not set
>>>> referrals for replica dc=example,dc=com: 20
>>>> NSMMReplicationPlugin - replica_reload_ruv: Warning: new data for
>>>> replica dc=example,dc=com does not match the data in the changelog.
>>>> Recreating the changelog file. This could affect replication with
>>>> replica's consumers in which case the consumers should be
>>>> reinitialized.
>>>> [06/Oct/2010:09:58:33 -0400] - skipping cos definition cn=account
>>>> inactivation,cn=accounts,dc=example,dc=com--no templates found
>>>>
>>>> The rest of the replication appears to be working correctly (as far as
>>>> I can tell).
>>>>
>>>> I have tried using ipa-replica-manage init and synch to try to fix the
>>>> replication, but I suspect this has something to do with the schema
>>>> definition.
>>>>
>>>> Does anyone have any pointers/ideas for how I can fix this?
>>>
>>> Dan, the memberof attribute is explicitly not replicated, and should be
>>> simply re-generated on the receiving replica when "member" attributes
>>> are replicated.
>>
>> So does this imply that there is some corruption in the schema on the
>> replica server?
>>
>>> Are the IPA versions on the master and the replica the same?
>>
>> They are both the same version: ipa-server-1.2.2-4.fc13.x86_64
>>
>> Thanks,
>>
>> Dan Scott
>
> It is complaining that memberOf isn't allowed in the admins group which is
> pretty strange.
>
> Can you show us the admins group out of the replica and master?
>
> ldapsearch -x -b 'cn=groups,cn=accounts,dc=example,dc=com' cn=admins
>
> thanks
>
> rob
>
# extended LDIF
#
# LDAPv3
# base <cn=groups,cn=accounts,dc=example,dc=com> with scope subtree
# filter: cn=admins
# requesting: ALL
#

# admins, groups, accounts, example.com
dn: cn=admins,cn=groups,cn=accounts,dc=example,dc=com
member: uid=admin,cn=users,cn=accounts,dc=example,dc=com
member: uid=djscott,cn=users,cn=accounts,dc=example,dc=com
member: uid=mauro,cn=users,cn=accounts,dc=example,dc=com
gidNumber: 1001
description: Account administrators group
cn: admins
objectClass: top
objectClass: groupofnames
objectClass: posixGroup

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

# extended LDIF
#
# LDAPv3
# base <cn=groups,cn=accounts,dc=example,dc=com> with scope subtree
# filter: cn=admins
# requesting: ALL
#

# admins, groups, accounts, example.com
dn: cn=admins,cn=groups,cn=accounts,dc=example,dc=com
objectClass: top
objectClass: groupofnames
objectClass: posixGroup
cn: admins
description: Account administrators group
gidNumber: 1001
member: uid=admin,cn=users,cn=accounts,dc=example,dc=com
member: uid=djscott,cn=users,cn=accounts,dc=example,dc=com
member: uid=mauro,cn=users,cn=accounts,dc=example,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
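Added example, not part of the original thread: one way to confirm that two `ldapsearch` outputs, such as the attachments above, differ only in attribute ordering. The function names and the sample strings (including the variant with a member removed) are constructed for illustration.

```python
import base64
from collections import Counter

def parse_ldif(text):
    """Map each lower-cased DN to a Counter of (attribute, value) pairs."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # RFC 2849 folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn = {}, None
    for line in lines:
        if not line.strip():                # a blank line ends the current entry
            dn = None
            continue
        attr, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if rest.startswith(":"):            # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value.lower()
            entries[dn] = Counter()
        elif dn is not None:                # skips the "search:"/"result:" trailer
            entries[dn][(attr.lower(), value)] += 1
    return entries

def diff_entries(a, b):
    """Return {dn: (pairs only in a, pairs only in b)} for entries that differ."""
    out = {}
    for dn in sorted(set(a) | set(b)):
        x, y = a.get(dn, Counter()), b.get(dn, Counter())
        if x != y:
            out[dn] = (sorted((x - y).elements()), sorted((y - x).elements()))
    return out

# Constructed sample data modelled on the admins entry quoted in the thread.
DN = "dn: cn=admins,cn=groups,cn=accounts,dc=example,dc=com"
ATTRS = ["member: uid=admin,cn=users,cn=accounts,dc=example,dc=com",
         "member: uid=djscott,cn=users,cn=accounts,dc=example,dc=com",
         "gidNumber: 1001", "cn: admins",
         "objectClass: top", "objectClass: groupofnames", "objectClass: posixGroup"]
def sample(attrs):
    return "\n".join([DN] + attrs) + "\n\n# search result\nsearch: 2\nresult: 0 Success\n"
# A: as listed; B: same attributes reordered; C: hypothetical copy missing one member
LDIF_A, LDIF_B, LDIF_C = sample(ATTRS), sample(ATTRS[::-1]), sample(ATTRS[1:])
if __name__ == "__main__":
    print(diff_entries(parse_ldif(LDIF_A), parse_ldif(LDIF_B)), diff_entries(parse_ldif(LDIF_A), parse_ldif(LDIF_C)))
```

Values are compared as exact strings, so a difference in the case of a member DN is reported as a difference.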