Hi, No that is the replication agreement, Ive turned that server off so it doesnt also get "wiped".
I am running with a log error level 8192 right now for a full errrors output... regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________ From: Rich Megginson [rmegg...@redhat.com] Sent: Thursday, 20 September 2012 11:03 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync agreement wipes IPA users On 09/19/2012 04:55 PM, Steven Jones wrote: Hi, Sample of errors log, ========= [17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 1bcf2e0 for database /var/lib/dirsrv/slapd-ODS-VUW-AC-NZ/cldb/32d77a0d-778a11e1-a445c792-b25c661e_4fbdbe64000000040000.db4 [17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 1bcf2e0 for database /var/lib/dirsrv/slapd-ODS-VUW-AC-NZ/cldb/32d77a0d-778a11e1-a445c792-b25c661e_4fbdbe64000000040000.db4 [17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 504d01f7000000110000 [17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - agmt="cn=meTovuwunicoipam002.ods.vuw.ac.nz" (vuwunicoipam002:389): State: stop_fatal_error -> stop_fatal_error [17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - agmt="cn=meTovuwunicoipam003.ods.vuw.ac.nz" (vuwunicoipam003:389): State: stop_fatal_error -> stop_fatal_error [17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 504d01f8000000110000 into pending list [17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - Purged state information from entry uid=jonesst1,cn=users,cn=accounts,dc=ods,dc=vuw,dc=ac,dc=nz up to CSN 504d42c5000000040000 [17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 1bcf2e0 for database /var/lib/dirsrv/slapd-ODS-VUW-AC-NZ/cldb/32d77a0d-778a11e1-a445c792-b25c661e_4fbdbe64000000040000.db4 [17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - changelog program - _cl5GetDBFileByReplicaName: found DB object 1bcf2e0 for database /var/lib/dirsrv/slapd-ODS-VUW-AC-NZ/cldb/32d77a0d-778a11e1-a445c792-b25c661e_4fbdbe64000000040000.db4 [17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - ruv_update_ruv: successfully committed csn 504d01f8000000110000 [17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - agmt="cn=meTovuwunicoipam002.ods.vuw.ac.nz" (vuwunicoipam002:389): State: stop_fatal_error -> stop_fatal_error [17/Sep/2012:13:31:48 +1200] NSMMReplicationPlugin - agmt="cn=meTovuwunicoipam003.ods.vuw.ac.nz" (vuwunicoipam003:389): State: stop_fatal_error -> stop_fatal_error ========= Is cn=meTovuwunicoipam003.ods.vuw.ac.nz the windows sync agreement? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________ From: Rich Megginson [rmegg...@redhat.com<mailto:rmegg...@redhat.com>] Sent: Wednesday, 19 September 2012 12:32 a.m. To: Steven Jones Cc: freeipa-users@redhat.com<mailto:freeipa-users@redhat.com> Subject: Re: [Freeipa-users] winsync agreement wipes IPA users On 09/17/2012 07:10 PM, Steven Jones wrote: Hi, I understand that I'll lose users that are cn=Staff_Admins,dc=etc So the Q is why I am losing users in the --win-subtree cn=VUW_Staff,dc= etc This I dont understand.... I have the -v already, anyway to make it very verbose? http://port389.org/wiki/FAQ#Troubleshooting Use the replication log level 8192 I'd like to see the directory server errors log /var/log/dirsrv/slapd-DOMAIN/errors when winsync deletes entries under the --win-subtree cn=VUW_Staff,dc= etc regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________ From: Rich Megginson [rmegg...@redhat.com<mailto:rmegg...@redhat.com>] Sent: Tuesday, 18 September 2012 12:47 p.m. To: Steven Jones Cc: freeipa-users@redhat.com<mailto:freeipa-users@redhat.com> Subject: Re: [Freeipa-users] winsync agreement wipes IPA users On 09/17/2012 06:17 PM, Steven Jones wrote: Hi, The first time missed the --win-subtree settings so I wiped the admins in the IPA admin group and users as they were not in cn=users as per the bug. The second time as far as I can tell I specified the correct cn via win-subtree flag but I still appear to have lost the users in IPA.....now I expected to lose the admins but the loss of users as well confounds me. I did a ldapsearch as per checking and its seems to be saying the right folder/ou/cn but IPA is empty. Hence I was wondering if there was a log recording what the update was doing so I could try and figure out the mistake. Ive tried greping cant find any indication. I will re-try with -v, verbose. It is not clear from the manuals, but no matter what -win-subtree you specify, winsync will search AD starting from the dc=domain suffix. So, for example, if you have cn=mystaff,cn=staff,dc=example,dc=com and you specify --win-subtree "cn=mystaff,cn=staff,dc=example,dc=com" winsync will still search starting from dc=example,dc=com and will hit ticket/355<https://fedorahosted.org/389/ticket/355> if there are any users outside of cn=mystaff,cn=staff,dc=example,dc=com that have the same username as a user in IPA. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________ From: Rich Megginson [rmegg...@redhat.com<mailto:rmegg...@redhat.com>] Sent: Tuesday, 18 September 2012 11:37 a.m. To: Steven Jones Cc: freeipa-users@redhat.com<mailto:freeipa-users@redhat.com> Subject: Re: [Freeipa-users] winsync agreement wipes IPA users On 09/17/2012 04:17 PM, Steven Jones wrote: Hi, I just tried to do a winsync agreement with specifying the AD point as cn=VUW_Staff,dc=staff,dc=vuw,dc=vuw,dc=ac,dc=nz as my users are not in the users folder but the VUW_Staff folder (at the same level) and it wiped all IPA users that are also in AD. Yes, this is what happens with https://fedorahosted.org/389/ticket/355 #355 winsync should not delete entry that appears to be out of scope While doing the actual update does this get verbosly logged anywhere as opposed to "update in progress" dumped to the screen? Something went badly wrong, I just dont know what. You are seeing something different than #355? :/ regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com> https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
