Hi there,

I’ve installed ipa-server-3.0.0-42.el6.centos.x86_64 on CentOS 6.6 servers.
Configured first as a master. Configured second as a replica.
Everything went smooth, no errors.
If I create a user on the master, it automatically shows up on the replica.
BUT If I create a user on the replica, I cannot see on the master the created 
user. (or if i delete a user on replica which was created on master, it stays 
on the masters)

I’ve tried to force-sync the master without luck:

[root@centosm ~]# ipa-replica-manage force-sync --from centosr.macp.sh
ipa: INFO: Setting agreement 
cn=meTocentosm.macp.sh,cn=replica,cn=dc\=macp\,dc\=sh,cn=mapping tree,cn=config 
schedule to 2358-2359 0 to force synch
ipa: INFO: Deleting schedule 2358-2359 0 from agreement 
cn=meTocentosm.macp.sh,cn=replica,cn=dc\=macp\,dc\=sh,cn=mapping tree,cn=config


Example:
[root@centosr ~]# ipa user-add
First name: test
Last name: test
User login [ttest]:
------------------
Added user "ttest"
------------------
  User login: ttest
  First name: test
  Last name: test
  Full name: test test
  Display name: test test
  Initials: tt
  Home directory: /home/ttest
  GECOS field: test test
  Login shell: /bin/sh
  Kerberos principal: tt...@macp.sh
  Email address: tt...@macp.sh
  UID: 1213900501
  GID: 1213900501
  Password: False
  Kerberos keys available: False

[root@centosm ~]# ipa user-show ttest
ipa: ERROR: ttest: user not found

I’ve checked replication statuses:

Master:
[root@centosm ~]# ldapsearch -x -h centosm.macp.sh -D "cn=directory manager" -w 
xxxxxx1 -b cn=config '(objectclass=nsds5replicationagreement)'
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=nsds5replicationagreement)
# requesting: ALL
#

# meTocentosr.macp.sh, replica, dc\3Dmacp\2Cdc\3Dsh, mapping tree, config
dn: cn=meTocentosr.macp.sh,cn=replica,cn=dc\3Dmacp\2Cdc\3Dsh,cn=mapping tree,c
 n=config
cn: meTocentosr.macp.sh
objectClass: nsds5replicationagreement
objectClass: top
nsDS5ReplicaTransportInfo: LDAP
description: me to centosr.macp.sh
nsDS5ReplicaRoot: dc=macp,dc=sh
nsDS5ReplicaHost: centosr.macp.sh
nsds5replicaTimeout: 120
nsDS5ReplicaPort: 389
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
 uccessfulauth krblastfailedauth krbloginfailedcount
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20150127162748Z
nsds5replicaLastUpdateEnd: 20150127162751Z
nsds5replicaChangesSentSinceStartup:: NDoxMzkxLzMg
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
 ate succeeded
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 20150127145831Z
nsds5replicaLastInitEnd: 20150127145834Z
nsds5replicaLastInitStatus: 0 Total update succeeded

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Slave:
[root@centosr ~]# ldapsearch -x -h centosr.macp.sh -D "cn=directory manager" -w 
almafa12 -b cn=config '(objectclass=nsds5replicationagreement)'
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=nsds5replicationagreement)
# requesting: ALL
#

# meTocentosm.macp.sh, replica, dc\3Dmacp\2Cdc\3Dsh, mapping tree, config
dn: cn=meTocentosm.macp.sh,cn=replica,cn=dc\3Dmacp\2Cdc\3Dsh,cn=mapping tree,c
 n=config
cn: meTocentosm.macp.sh
objectClass: nsds5replicationagreement
objectClass: top
nsDS5ReplicaTransportInfo: LDAP
description: me to centosm.macp.sh
nsDS5ReplicaRoot: dc=macp,dc=sh
nsDS5ReplicaHost: centosm.macp.sh
nsds5replicaTimeout: 120
nsDS5ReplicaPort: 389
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
 uccessfulauth krblastfailedauth krbloginfailedcount
nsds50ruv: {replicageneration} 54c7a797000000040000
nsds50ruv: {replica 4 ldap://centosm.macp.sh:389}
nsds50ruv: {replica 3 ldap://centosr.macp.sh:389} 54c7a79b000000030000 54c7a7a
 1000400030000
nsruvReplicaLastModified: {replica 4 ldap://centosm.macp.sh:389} 00000000
nsruvReplicaLastModified: {replica 3 ldap://centosr.macp.sh:389} 00000000
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
 ternalModifyTimestamp
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20150127162747Z
nsds5replicaLastUpdateEnd: 20150127162747Z
nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
 ate started
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 0
nsds5replicaLastInitEnd: 0

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

[root@centosm ~]# ipa-replica-manage list
centosm.macp.sh: master
centosr.macp.sh: master
[root@centosm ~]# ipa-replica-manage -v list centosr.macp.sh
centosm.macp.sh: replica
  last init status: None
  last init ended: None
  last update status: 0 Replica acquired successfully: Incremental update 
started
  last update ended: 2015-01-27 16:29:00+00:00
[root@centosm ~]#

[root@centosr ~]# ipa-replica-manage list
centosm.macp.sh: master
centosr.macp.sh: master
[root@centosr ~]# ipa-replica-manage list -v centosm.macp.sh
centosr.macp.sh: replica
  last init status: 0 Total update succeeded
  last init ended: 2015-01-27 14:58:34+00:00
  last update status: 0 Replica acquired successfully: Incremental update 
started
  last update ended: None
[root@centosr ~]#

Probably I’m missing something really obvious, so if anyone can tell me what, I 
would be really grateful :).

Kind regards,
Csaba Kollar








-- 
***** Email confidentiality notice *****

Xanadu Consultancy Limited is a limited company registered in Ireland with 
registered number 500416 and VAT registered number IE 9793319P. Our 
registered office is at Floor 2, River House, Blackpool Retail & Business 
Park, Cork, Ireland. We have a branch office registered in England and 
Wales with company number FC030315, whose address is at Unit 710 Highgate 
Studios, 53-79 Highgate Road, London, NW5 1TL.

This message is intended solely for the addressee and may contain 
confidential information. If you have received this message in error, 
please send it back to us, and immediately and permanently delete it. Do 
not use, copy or disclose the information contained in this message or in 
any attachment. Xanadu Consultancy Limited cannot accept liability for any 
statements made which are clearly the sender’s own and not expressly made 
on behalf of Xanadu Consultancy Limited.
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to