On 06/23/2011 09:06 AM, Rich Megginson wrote:
On 06/23/2011 08:02 AM, Attila Bogár wrote:
Hi,
I deleted more than 50 users from AD and expected IPA to do the same.
However the EXAMPLE-COM 389-ds instance just crashed and I can't
start it anymore.
Could you please help with this issue?
The error logging is set to REPL|PLUGIN.
I can see the following in error log:
tail /var/log/dirsrv/slapd-EXAMPLE-COM/errors
[23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin -
agmt="cn=meTodc1.win.example.com" (dc1:389): map_entry_dn_outbound:
looking for AD entry for DS
dn="uid=mtf,cn=users,cn=accounts,dc=example,dc=com"
guid="cc62cd9765c139458d9a21fdddf50eae"
[23/Jun/2011:14:55:51 +0100] - Calling windows entry search request
plugin
[23/Jun/2011:14:55:51 +0100] ipa-winsync - -->
ipa_winsync_pre_ad_search_cb -- begin
[23/Jun/2011:14:55:51 +0100] ipa-winsync - <--
ipa_winsync_pre_ad_search_cb -- end
[23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin - Could not
retrieve entry from Windows using search base
[<GUID=cc62cd9765c139458d9a21fdddf50eae>] scope [0] filter
[(objectclass=*)]: error 32:No such object
[23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin -
agmt="cn=meTodc1.win.example.com" (dc1:389): map_entry_dn_outbound:
return code -1 from search for AD entry
dn="<GUID=cc62cd9765c139458d9a21fdddf50eae>" or dn="(null)"
[23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin -
agmt="cn=meTodc1.win.example.com" (dc1:389): map_entry_dn_outbound:
entry not found - rc -1
[23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin -
agmt="cn=meTodc1.win.example.com" (dc1:389): windows_replay_update:
Processing modify operation local
dn="uid=mtf,cn=users,cn=accounts,dc=example,dc=com" remote
dn="<GUID=cc62cd9765c139458d9a21fdddf50eae>"
[23/Jun/2011:14:55:51 +0100] ipa-winsync - -->
ipa_winsync_pre_ad_mod_user_mods_cb -- begin
[23/Jun/2011:14:55:51 +0100] ipa-winsync - <-- ipa_check_account_lock
- entry [uid=mtf,cn=users,cn=accounts,dc=example,dc=com] has real
attribute nsAccountLock and entry is locked
Does the user mtf exist in AD?
Looks like something happens to the mtf user - it's there, then it's not:
[23/Jun/2011:14:46:15 +0100] NSMMReplicationPlugin -
agmt="cn=meTodc1.win.linguamatics.com" (dc1:389): map_entry_dn_outbound:
return code 0 from search for AD entry
dn="<GUID=cc62cd9765c139458d9a21fdddf50eae>" or dn="CN=Matt
Francomb,CN=ipa,DC=win,DC=linguamatics,DC=com"
[23/Jun/2011:14:46:15 +0100] NSMMReplicationPlugin -
agmt="cn=meTodc1.win.linguamatics.com" (dc1:389): windows_replay_update:
Processing modify operation local
dn="uid=mtf,cn=users,cn=accounts,dc=linguamatics,dc=com" remote
dn="<GUID=cc62cd9765c139458d9a21fdddf50eae>"
then the next time this entry comes up:
[23/Jun/2011:14:46:18 +0100] NSMMReplicationPlugin -
agmt="cn=meTodc1.win.linguamatics.com" (dc1:389): map_entry_dn_outbound:
looking for AD entry for DS
dn="uid=mtf,cn=users,cn=accounts,dc=linguamatics,dc=com"
guid="cc62cd9765c139458d9a21fdddf50eae"
[23/Jun/2011:14:46:18 +0100] NSMMReplicationPlugin -
agmt="cn=meTodc1.win.linguamatics.com" (dc1:389): map_entry_dn_outbound:
return code -1 from search for AD entry
dn="<GUID=cc62cd9765c139458d9a21fdddf50eae>" or dn="(null)"
[23/Jun/2011:14:46:18 +0100] NSMMReplicationPlugin -
agmt="cn=meTodc1.win.linguamatics.com" (dc1:389): map_entry_dn_outbound:
entry not found - rc -1
Is it possible this entry was deleted from AD between
23/Jun/2011:14:46:15 and 23/Jun/2011:14:46:18 ?
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users