One example of duplicate:
krbprincipalname=HTTP/nw-rhidm02.unix.megafon...@unix.megafon.ru+nsuniqueid=5a726d95-0e9611e5-8418a085-d3870578,cn=services,cn=accounts,dc=unix,dc=megafon,dc=ru

the original one:
krbprincipalname=HTTP/nw-rhidm02.unix.megafon...@unix.megafon.ru,cn=services,cn=accounts,dc=unix,dc=megafon,dc=ru

On three servers placed on one site we have such duplicates.

On all other servers we have only record with normal name, with content of 
record, which have "+nsuniqueid=5a726d95-0e9611e5-8418a085-d3870578" on 
affected servers.

Plus we have one record with no original one, only name with +nsuniqueid, and 
no such record on all other servers.


WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764

From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Tuesday, June 16, 2015 5:30 PM
To: Alexander Frolushkin (SIB)
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] replication conflicts


On 06/16/2015 12:44 PM, Alexander Frolushkin wrote:
It looks like our duplicates have some "internal" source, it source is not a 
client system, but one of our IPA servers.
to get these kind of conflict two servers have to be involved
if you say internal source, what kind of entries are affected ? do you mean 
these entries are created internally on server by a plugin ?

Is it possible to get such duplicate records in combination of replication 
"multipath" and some clock skew (it is not ideally synchronized because of very 
big distances between sites)?
the clock skew should have no effect, the replication protocol additinally 
manages it own time used in genratio of CSNs and tries to synchronize time, it 
could affect the oreder changes are applied during replication, but for these 
conflicts there have to be two independent ADDs


WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764

From: freeipa-users-boun...@redhat.com<mailto:freeipa-users-boun...@redhat.com> 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Ludwig Krispenz
Sent: Tuesday, June 16, 2015 3:52 PM
To: freeipa-users@redhat.com<mailto:freeipa-users@redhat.com>
Subject: Re: [Freeipa-users] replication conflicts


On 06/16/2015 11:42 AM, Alexander Frolushkin wrote:
Hello.
Just to remind if somebody still not familiar with our IPA installation :)
We currently have 18 IPA servers in domain, on 8 sites in different regions 
across the Russia.
And now, our new problem.
Regularly we getting a nsds5ReplConflict records on some of our servers, very 
often on servers from specific site. Usually it is simply a doubles and we can 
remove the renamed change to get everything back. But why do we have them at 
all?
May be someone could explain, how we can detect the cause of this replication 
conflicts?
if you are talking about having two "duplicate" entries,
one: uid=xxxxx,<suffix>
one: nsuniqueid=nnnnnnnn+uid=xxxxx,<suffix>

these entries appear if the entry uid=xxxxx was added, simultaneously, on two 
servers. I think this can happen if a client tries to add an entry and if it 
doesn't get a response in some time retries on another server.
to find out which client this is you need to check on which servers the entries 
were originally added and then see which client was doing it


Sometime it is moderately harmful, because, for example HBAC stops working on 
specific server while doubles still present.
Thanks in forward...

WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764


________________________________

Информация в этом сообщении предназначена исключительно для конкретных лиц, 
которым она адресована. В сообщении может содержаться конфиденциальная 
информация, которая не может быть раскрыта или использована кем-либо, кроме 
адресатов. Если вы не адресат этого сообщения, то использование, переадресация, 
копирование или распространение содержания сообщения или его части незаконно и 
запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно 
сообщите отправителю об этом и удалите со всем содержимым само сообщение и 
любые возможные его копии и приложения.

The information contained in this communication is intended solely for the use 
of the individual or entity to whom it is addressed and others authorized to 
receive it. It may contain confidential or legally privileged information. The 
contents may not be disclosed or used by anyone other than the addressee. If 
you are not the intended recipient(s), any use, disclosure, copying, 
distribution or any action taken or omitted to be taken in reliance on it is 
prohibited and may be unlawful. If you have received this communication in 
error please notify us immediately by responding to this email and then delete 
the e-mail and all attachments and any copies thereof.

(c)20mf50





________________________________

Информация в этом сообщении предназначена исключительно для конкретных лиц, 
которым она адресована. В сообщении может содержаться конфиденциальная 
информация, которая не может быть раскрыта или использована кем-либо, кроме 
адресатов. Если вы не адресат этого сообщения, то использование, переадресация, 
копирование или распространение содержания сообщения или его части незаконно и 
запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно 
сообщите отправителю об этом и удалите со всем содержимым само сообщение и 
любые возможные его копии и приложения.

The information contained in this communication is intended solely for the use 
of the individual or entity to whom it is addressed and others authorized to 
receive it. It may contain confidential or legally privileged information. The 
contents may not be disclosed or used by anyone other than the addressee. If 
you are not the intended recipient(s), any use, disclosure, copying, 
distribution or any action taken or omitted to be taken in reliance on it is 
prohibited and may be unlawful. If you have received this communication in 
error please notify us immediately by responding to this email and then delete 
the e-mail and all attachments and any copies thereof.

(c)20mf50


________________________________

Информация в этом сообщении предназначена исключительно для конкретных лиц, 
которым она адресована. В сообщении может содержаться конфиденциальная 
информация, которая не может быть раскрыта или использована кем-либо, кроме 
адресатов. Если вы не адресат этого сообщения, то использование, переадресация, 
копирование или распространение содержания сообщения или его части незаконно и 
запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно 
сообщите отправителю об этом и удалите со всем содержимым само сообщение и 
любые возможные его копии и приложения.

The information contained in this communication is intended solely for the use 
of the individual or entity to whom it is addressed and others authorized to 
receive it. It may contain confidential or legally privileged information. The 
contents may not be disclosed or used by anyone other than the addressee. If 
you are not the intended recipient(s), any use, disclosure, copying, 
distribution or any action taken or omitted to be taken in reliance on it is 
prohibited and may be unlawful. If you have received this communication in 
error please notify us immediately by responding to this email and then delete 
the e-mail and all attachments and any copies thereof.

(c)20mf50
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to