In access log:
[17/Jun/2015:10:08:01 +0600] conn=2 op=91 ADD dn="cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru"
[17/Jun/2015:10:08:01 +0600] conn=2 op=91 RESULT err=0 tag=105 nentries=0
etime=0 csn=5580f3210000001a0000
There is a lot of strange around this time in error log:
[17/Jun/2015:10:07:58 +0600] - 389-Directory/1.3.3.1 B2015.112.027 starting up
[17/Jun/2015:10:07:59 +0600] - WARNING: userRoot: entry cache size 2199021B is
less than db size 4702208B; We recommend to increase the entry cache size
nsslapd-cachememsize.
[17/Jun/2015:10:07:59 +0600] - WARNING: ipaca: entry cache size 5368708B is
less than db size 7684096B; We recommend to increase the entry cache size
nsslapd-cachememsize.
[17/Jun/2015:10:07:59 +0600] - I'm resizing my cache now...cache was 2097152
and is now 1677721
[17/Jun/2015:10:07:59 +0600] schema-compat-plugin - warning: no entries set up
under cn=computers, cn=compat,dc=unix,dc=megafon,dc=ru
[17/Jun/2015:10:07:59 +0600] NSACLPlugin - The ACL target
cn=keys,cn=sec,cn=dns,dc=unix,dc=megafon,dc=ru does not exist
[17/Jun/2015:10:07:59 +0600] NSACLPlugin - The ACL target
cn=groups,cn=compat,dc=unix,dc=megafon,dc=ru does not exist
[17/Jun/2015:10:07:59 +0600] NSACLPlugin - The ACL target
cn=computers,cn=compat,dc=unix,dc=megafon,dc=ru does not exist
[17/Jun/2015:10:07:59 +0600] NSACLPlugin - The ACL target
cn=ng,cn=compat,dc=unix,dc=megafon,dc=ru does not exist
[17/Jun/2015:10:07:59 +0600] NSACLPlugin - The ACL target
ou=sudoers,dc=unix,dc=megafon,dc=ru does not exist
[17/Jun/2015:10:07:59 +0600] NSACLPlugin - The ACL target
cn=users,cn=compat,dc=unix,dc=megafon,dc=ru does not exist
[17/Jun/2015:10:07:59 +0600] NSACLPlugin - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=unix,dc=megafon,dc=ru does not exist
[17/Jun/2015:10:07:59 +0600] NSACLPlugin - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=unix,dc=megafon,dc=ru does not exist
[17/Jun/2015:10:07:59 +0600] NSACLPlugin - The ACL target cn=automember rebuild
membership,cn=tasks,cn=config does not exist
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1395
ldap://msk-rhidm-02.unix.megafon.ru:389} 547bf945000005730000 5
571895c000205730000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 86
ldap://msk-rhidm-01.unix.megafon.ru:389} 547b84aa000000560000 550
be1f3000600560000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 96
ldap://sib-rhidm01.unix.megafon.ru:389} 54783af1000000600000 5580
f063000000600000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 91
ldap://vlg-rhidm01.unix.megafon.ru:389} 547869c80000005b0000 5580
03a00003005b0000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 97
ldap://sib-rhidm02.unix.megafon.ru:389} 54783af0000000610000 557f
bf0d000b00610000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1095
ldap://sib-rhidm03.unix.megafon.ru:389} 5478452d000004470000 55
34c492000404470000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1090
ldap://url-rhidm01.unix.megafon.ru:389} 547851bc000004420000 54
e701c8000004420000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1195
ldap://url-rhidm02.unix.megafon.ru:389} 5478632a000004ab0000 55
78184d000004ab0000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1290
ldap://vlg-rhidm03.unix.megafon.ru:389} 547bfe130000050a0000 55
52f02e0004050a0000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1495
ldap://vlg-rhidm02.unix.megafon.ru:389} 547c3fb1000005d70000 55
669747000305d70000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1695
ldap://cnt-rhidm02.unix.megafon.ru:389} 547c4ddc0000069f0000 54
7c4de60002069f0000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1590
ldap://nw-rhidm01.unix.megafon.ru:389} 548a8052000006360000 548
a805c000706360000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1795
ldap://dv-rhidm01.unix.megafon.ru:389} 548a894c000007030000 54e
3d4ee000507030000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1895
ldap://dv-rhidm02.unix.megafon.ru:389} 54e2d305000007670000 557
809c5000007670000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1585
ldap://nw-rhidm01.unix.megafon.ru:389} 54e5b04a000006310000 557
6c6dd000606310000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1995
ldap://nw-rhidm02.unix.megafon.ru:389} 555ac86c000007cb0000 555
ac86d000307cb0000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1990
ldap://nw-rhidm02.unix.megafon.ru:389} 5576acc9000007c60000 557
6acca000107c60000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1985
ldap://nw-rhidm02.unix.megafon.ru:389} 5576b866000007c10000 557
6b867000107c10000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1980
ldap://nw-rhidm02.unix.megafon.ru:389} 5576c6ef000007bc0000 557
6c6f0000107bc0000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1085
ldap://kvk-rhidm01.unix.megafon.ru:389} 557fb8740000043d0000 55
7fb8760000043d0000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 1080
ldap://kvk-rhidm01.unix.megafon.ru:389} 557fbf1d000004380000 55
7fbf1e000104380000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: for replica o=ipaca there were some
differences between the changelog max RUV and the database RUV. If
there are obsolete elements in the database RUV, you should remove them using
the CLEANALLRUV task. If they are not obsolete, you should check their status
to see why there are no changes from tho
se servers in the changelog.
[17/Jun/2015:10:07:59 +0600] set_krb5_creds - Could not get initial credentials
for principal [ldap/kvk-rhidm02.unix.megafon...@unix.megafon.ru] in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328324
(Generic error (see e-text))
[17/Jun/2015:10:07:59 +0600] attrlist_replace - attr_replace (nsslapd-referral,
ldap://msk-rhidm-03.unix.megafon.ru:389/o%3Dipaca) failed.
[17/Jun/2015:10:07:59 +0600] attrlist_replace - attr_replace (nsslapd-referral,
ldap://msk-rhidm-03.unix.megafon.ru:389/o%3Dipaca) failed.
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 11
ldap://msk-rhidm-02.unix.megafon.ru:389} 547bf9110000000b0000 557
fee720005000b0000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 9
ldap://msk-rhidm-01.unix.megafon.ru:389} 547b8469000000090000 557f
bb84000d00090000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 4
ldap://sib-rhidm01.unix.megafon.ru:389} 54783b0a000000040000 557fb
b84000c00040000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 8
ldap://vlg-rhidm01.unix.megafon.ru:389} 5478696c000000080000 55803
311000b00080000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 3
ldap://sib-rhidm02.unix.megafon.ru:389} 54783ab6000000030000 557fb
f6c000900030000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 5
ldap://sib-rhidm03.unix.megafon.ru:389} 547844f4000000050000 557fb
b82000e00050000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 7
ldap://url-rhidm02.unix.megafon.ru:389} 547862f0000000070000 557fb
b82002b00070000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 12
ldap://vlg-rhidm03.unix.megafon.ru:389} 547bfdbb0000000c0000 5580
2b370008000c0000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 13
ldap://vlg-rhidm02.unix.megafon.ru:389} 547c3f560000000d0000 557f
bb8a0004000d0000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 14
ldap://cnt-rhidm01.unix.megafon.ru:389} 547c4a320000000e0000 557f
f65d0003000e0000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 15
ldap://cnt-rhidm02.unix.megafon.ru:389} 547c4da10000000f0000 557f
bb8a0009000f0000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 17
ldap://dv-rhidm01.unix.megafon.ru:389} 548a8909000000110000 557fb
b82002900110000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 18
ldap://dv-rhidm02.unix.megafon.ru:389} 54e2d2bc000000120000 557fb
b8a000100120000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 19
ldap://nw-rhidm01.unix.megafon.ru:389} 54e5b04e001000130000 557fb
b8e000200130000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 23
ldap://nw-rhidm02.unix.megafon.ru:389} 5576c6bb000000170000 557fb
b91000000170000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin - ruv_compare_ruv: RUV
[changelog max RUV] does not contain element [{replica 25
ldap://kvk-rhidm01.unix.megafon.ru:389} 557fbe89001700190000 557f
e327000200190000] which is present in RUV [database RUV]
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: for replica dc=unix,dc=megafon,dc=ru
there were some differences between the changelog max RUV and the d
atabase RUV. If there are obsolete elements in the database RUV, you should
remove them using the CLEANALLRUV task. If they are not obsolete, you should
check their status to see why there are no
changes from those servers in the changelog.
[17/Jun/2015:10:07:59 +0600] slapd_ldap_sasl_interactive_bind - Error: could
not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local
error) (SASL(-1): generic failure: GSSAPI Err
or: Unspecified GSS failure. Minor code may provide more information (No
Kerberos credentials available)) errno 0 (Success)
[17/Jun/2015:10:07:59 +0600] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local
error)
[17/Jun/2015:10:07:59 +0600] NSMMReplicationPlugin -
agmt="cn=meTomsk-rhidm-03.unix.megafon.ru" (msk-rhidm-03:389): Replication bind
with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1):
generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide
more information (No Kerberos credentials available))
[17/Jun/2015:10:07:59 +0600] attrcrypt - No symmetric key found for cipher AES
in backend changelog, attempting to create one...
[17/Jun/2015:10:07:59 +0600] attrcrypt - Key for cipher AES successfully
generated and stored
[17/Jun/2015:10:07:59 +0600] attrcrypt - No symmetric key found for cipher 3DES
in backend changelog, attempting to create one...
[17/Jun/2015:10:07:59 +0600] attrcrypt - Key for cipher 3DES successfully
generated and stored
[17/Jun/2015:10:07:59 +0600] - slapd started. Listening on All Interfaces port
389 for LDAP requests
[17/Jun/2015:10:07:59 +0600] - Listening on All Interfaces port 636 for LDAPS
requests
[17/Jun/2015:10:07:59 +0600] - Listening on
/var/run/slapd-UNIX-MEGAFON-RU.socket for LDAPI requests
[17/Jun/2015:10:08:02 +0600] NSMMReplicationPlugin -
agmt="cn=meTomsk-rhidm-03.unix.megafon.ru" (msk-rhidm-03:389): Replication bind
with GSSAPI auth resumed
[17/Jun/2015:10:08:03 +0600] - slapd shutting down - signaling operation
threads - op stack size 2 max work q size 2 max work q stack size 2
[17/Jun/2015:10:08:03 +0600] - slapd shutting down - waiting for 28 threads to
terminate
[17/Jun/2015:10:08:03 +0600] - slapd shutting down - closing down internal
subsystems and plugins
[17/Jun/2015:10:08:03 +0600] NSMMReplicationPlugin -
agmt="cn=meTomsk-rhidm-03.unix.megafon.ru" (msk-rhidm-03:389): Warning:
Attempting to release replica, but unable to receive endReplication exte
nded operation response from the replica. Error -5 (Timed out)
[17/Jun/2015:10:08:03 +0600] - Waiting for 4 database threads to stop
[17/Jun/2015:10:08:04 +0600] - All database threads now stopped
[17/Jun/2015:10:08:04 +0600] - slapd shutting down - freed 2 work q stack
objects - freed 2 op stack objects
[17/Jun/2015:10:08:04 +0600] - slapd stopped.
[17/Jun/2015:10:08:06 +0600] SSL Initialization - Configured SSL version range:
min: TLS1.0, max: TLS1.2
[17/Jun/2015:10:08:06 +0600] - SSL alert: Configured NSS Ciphers
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, June 17, 2015 3:19 PM
To: Alexander Frolushkin (SIB)
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] replication conflicts
On 06/17/2015 11:03 AM, Alexander Frolushkin wrote:
This is correct, thank you for understanding and for helping!
Replica with id 26 was created today, this is our new server which was included
in domain just a few hours ago. Looks like this dup came right after this new
replica creation.
so on which servers does the "nsuniqueid" entry exist ?
can you check for 5580f3210000001a0000 in the access log of replica 26, then
check the errro log around this time and eventually the replica install log
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, June 17, 2015 2:58 PM
To: Alexander Frolushkin (SIB)
Cc: freeipa-users@redhat.com<mailto:freeipa-users@redhat.com>
Subject: Re: [Freeipa-users] replication conflicts
Hi,
you did send the data directly to me, maybe not wanting to share them to
everyone. I'll continue discussion here, trying to be careful.
The "good" entry was created in April on replica 12 "0x0c"
createTimestamp;vucsn-5524d42b0067000c0000: 20150408070720Z
the "nsuniqueid" entry was created today on replica 26 "0x1a"
createTimestamp;vucsn-5580f3210000001a0000: 20150617040801Z
if the original entry would have existed on replica26 the new add should have
been rejected, if it was not there the question is why.
Do you have any additional info on replica 26, when was it created, was it
disconnected for some time ??
Ludwig
On 06/17/2015 08:13 AM, Alexander Frolushkin wrote:
Hello.
Another example. Today appeared on servers of different site.
Original LDIF:
# extended LDIF
#
# LDAPv3
# base <cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# System: Manage Host Keytab, permissions, pbac, unix.megafon.ru
dn: cn=System: Manage Host Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc
=ru
ipaPermTargetFilter: (objectclass=ipahost)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Host Keytab
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru
member: cn=Host Administrators,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru
ipaPermDefaultAttr: krbprincipalkey
ipaPermDefaultAttr: krblastpwdchange
ipaPermLocation: cn=computers,cn=accounts,dc=unix,dc=megafon,dc=ru
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Duplicate:
# extended LDIF
#
# LDAPv3
# base <cn=System: Manage Host
Keytab+nsuniqueid=708bba65-14a611e5-8a48fd19-df27ff01,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru>
with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# System: Manage Host Keytab + 708bba65-14a611e5-8a48fd19-df27ff01, permissio
ns, pbac, unix.megafon.ru
dn: cn=System: Manage Host Keytab+nsuniqueid=708bba65-14a611e5-8a48fd19-df27ff
01,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru
ipaPermTargetFilter: (objectclass=ipahost)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Host Keytab
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru
member: cn=Host Administrators,cn=privileges,cn=pbac,dc=unix,dc=megafon,dc=ru
ipaPermDefaultAttr: krbprincipalkey
ipaPermDefaultAttr: krblastpwdchange
ipaPermLocation: cn=computers,cn=accounts,dc=unix,dc=megafon,dc=ru
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
No other servers in IPA domain have such duplicates.
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
From: freeipa-users-boun...@redhat.com<mailto:freeipa-users-boun...@redhat.com>
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Ludwig Krispenz
Sent: Tuesday, June 16, 2015 3:52 PM
To: freeipa-users@redhat.com<mailto:freeipa-users@redhat.com>
Subject: Re: [Freeipa-users] replication conflicts
On 06/16/2015 11:42 AM, Alexander Frolushkin wrote:
Hello.
Just to remind if somebody still not familiar with our IPA installation :)
We currently have 18 IPA servers in domain, on 8 sites in different regions
across the Russia.
And now, our new problem.
Regularly we getting a nsds5ReplConflict records on some of our servers, very
often on servers from specific site. Usually it is simply a doubles and we can
remove the renamed change to get everything back. But why do we have them at
all?
May be someone could explain, how we can detect the cause of this replication
conflicts?
if you are talking about having two "duplicate" entries,
one: uid=xxxxx,<suffix>
one: nsuniqueid=nnnnnnnn+uid=xxxxx,<suffix>
these entries appear if the entry uid=xxxxx was added, simultaneously, on two
servers. I think this can happen if a client tries to add an entry and if it
doesn't get a response in some time retries on another server.
to find out which client this is you need to check on which servers the entries
were originally added and then see which client was doing it
Sometime it is moderately harmful, because, for example HBAC stops working on
specific server while doubles still present.
Thanks in forward...
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
________________________________
Информация в этом сообщении предназначена исключительно для конкретных лиц,
которым она адресована. В сообщении может содержаться конфиденциальная
информация, которая не может быть раскрыта или использована кем-либо, кроме
адресатов. Если вы не адресат этого сообщения, то использование, переадресация,
копирование или распространение содержания сообщения или его части незаконно и
запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно
сообщите отправителю об этом и удалите со всем содержимым само сообщение и
любые возможные его копии и приложения.
The information contained in this communication is intended solely for the use
of the individual or entity to whom it is addressed and others authorized to
receive it. It may contain confidential or legally privileged information. The
contents may not be disclosed or used by anyone other than the addressee. If
you are not the intended recipient(s), any use, disclosure, copying,
distribution or any action taken or omitted to be taken in reliance on it is
prohibited and may be unlawful. If you have received this communication in
error please notify us immediately by responding to this email and then delete
the e-mail and all attachments and any copies thereof.
(c)20mf50
________________________________
Информация в этом сообщении предназначена исключительно для конкретных лиц,
которым она адресована. В сообщении может содержаться конфиденциальная
информация, которая не может быть раскрыта или использована кем-либо, кроме
адресатов. Если вы не адресат этого сообщения, то использование, переадресация,
копирование или распространение содержания сообщения или его части незаконно и
запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно
сообщите отправителю об этом и удалите со всем содержимым само сообщение и
любые возможные его копии и приложения.
The information contained in this communication is intended solely for the use
of the individual or entity to whom it is addressed and others authorized to
receive it. It may contain confidential or legally privileged information. The
contents may not be disclosed or used by anyone other than the addressee. If
you are not the intended recipient(s), any use, disclosure, copying,
distribution or any action taken or omitted to be taken in reliance on it is
prohibited and may be unlawful. If you have received this communication in
error please notify us immediately by responding to this email and then delete
the e-mail and all attachments and any copies thereof.
(c)20mf50
________________________________
Информация в этом сообщении предназначена исключительно для конкретных лиц,
которым она адресована. В сообщении может содержаться конфиденциальная
информация, которая не может быть раскрыта или использована кем-либо, кроме
адресатов. Если вы не адресат этого сообщения, то использование, переадресация,
копирование или распространение содержания сообщения или его части незаконно и
запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно
сообщите отправителю об этом и удалите со всем содержимым само сообщение и
любые возможные его копии и приложения.
The information contained in this communication is intended solely for the use
of the individual or entity to whom it is addressed and others authorized to
receive it. It may contain confidential or legally privileged information. The
contents may not be disclosed or used by anyone other than the addressee. If
you are not the intended recipient(s), any use, disclosure, copying,
distribution or any action taken or omitted to be taken in reliance on it is
prohibited and may be unlawful. If you have received this communication in
error please notify us immediately by responding to this email and then delete
the e-mail and all attachments and any copies thereof.
(c)20mf50
________________________________
Информация в этом сообщении предназначена исключительно для конкретных лиц,
которым она адресована. В сообщении может содержаться конфиденциальная
информация, которая не может быть раскрыта или использована кем-либо, кроме
адресатов. Если вы не адресат этого сообщения, то использование, переадресация,
копирование или распространение содержания сообщения или его части незаконно и
запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно
сообщите отправителю об этом и удалите со всем содержимым само сообщение и
любые возможные его копии и приложения.
The information contained in this communication is intended solely for the use
of the individual or entity to whom it is addressed and others authorized to
receive it. It may contain confidential or legally privileged information. The
contents may not be disclosed or used by anyone other than the addressee. If
you are not the intended recipient(s), any use, disclosure, copying,
distribution or any action taken or omitted to be taken in reliance on it is
prohibited and may be unlawful. If you have received this communication in
error please notify us immediately by responding to this email and then delete
the e-mail and all attachments and any copies thereof.
(c)20mf50
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
