On 05/21/2015 02:20 PM, thierry bordaz wrote:
On 05/21/2015 01:36 PM, Janelle wrote:

And just like that - for no reason, they all reappeared:

unable to decode  {replica 16} 55356472000300100000 55356472000300100000
unable to decode  {replica 23} 5545d61f000200170000 5552f718000300170000
unable to decode  {replica 24} 554d53d3000000180000 554d54a4000200180000


Hello Janelle,

Those 3 RIDs were already present in Node dc2-ipa1, correct ? They reappeared on others nodes as well ? May be ds2-ipa1 established a replication session with its peers and send those RIDs. Could you track in all the access logs, when the op csn=5552f718000300170000 was applied.

Note that the two hexa values of replica 23 changed (5545d61f000200170000 5552f718000300170000 vs 5553e3a3000000170000 55543240000300170000). Have you recreated a replica 23 ?.

Do you have replication logging enabled ?


Hi Thierry, Mark,

I have an idea how this can happen, and now I have an environment where these show up.

The changelog contains max and purge ruv, and in my changelog I have:

dbid: 0000006f000000000000
        entry count: 304

dbid: 000000de000000000000
        purge ruv:
                {replicageneration} 51dc3bac000000640000
                {replica 100} 5555a759000000640000 5555a759000000640000
                {replica 200} 5555b3c2000000c80000 5555b3c2000000c80000
                {replica 300} 5555b3c20005012c0000 5555b3c20005012c0000

dbid: 0000014d000000000000
        max ruv:
                {replicageneration} 51dc3bac000000640000
                {replica 100} 5555a759000000640000 5555d773000000640000
                {replica 200} 5555b3c2000000c80000 5555b3c2000000c80000
                {replica 300} 5555b3c20005012c0000 5555b3c20005012c0000

after restarting I got:
ldapsearch -LLL -o ldif-wrap=no -h localhost -p 30522 -x -D "cn=directory manager" -w xxxxxx -b "cn=config" "objectclass=nsds5replica" nsds50ruv
dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
nsds50ruv: {replicageneration} 51dc3bac000000640000
nsds50ruv: {replica 100 ldap://localhost:30522} 5555a759000000640000 5555d773000000640000 nsds50ruv: {replica 200 ldap://localhost:4945} 5555b3c2000000c80000 5555b3c2000000c80000
nsds50ruv: {replica 300} 5555b3c20005012c0000 5555b3c20005012c0000

replica 300 is corrupted.

In this env I had played by cleaning ruv for rid 300, without disabling repl agreements from 300 (which I shoudl have done) and by adding changes later on replica 300 (which I shouldn't). Everything looked fine, just after stopping to dump the changelog and restarting I was in the bad state

Need to try to repeat and verify

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to