On 04/26/2016 02:02 PM, Anton Rubets wrote:
> Hi all
>
> I have issues with replication between two FreeIPA servers
>
> In master's log
>
> [26/Apr/2016:10:38:12 +0200] attrlist_replace - attr_replace (nsslapd-referral, ldap://ldap2.domain:389/o%3Dipaca) failed.
> [26/Apr/2016:10:38:12 +0200] attrlist_replace - attr_replace (nsslapd-referral, ldap://ldap2.domain:389/o%3Dipaca) failed.
> [26/Apr/2016:10:38:12 +0200] attrlist_replace - attr_replace (nsslapd-referral, ldap://ldap2.domain389/o%3Dipaca) failed.
> [26/Apr/2016:10:39:35 +0200] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 2 (No such file or directory)
>
>
> On replica server
>
>
> [26/Apr/2016:08:38:12 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://ldap1.domain:389/o%3Dipaca) failed.
> [26/Apr/2016:08:43:13 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://ldap1domain:389/o%3Dipaca) failed.
> [26/Apr/2016:08:43:13 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://ldap1.domain:389/o%3Dipaca) failed.
> [26/Apr/2016:08:43:13 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://ldap1.domain:389/o%3Dipaca) failed.

This is a symptom of dangling RUVs (replica update vectors) of previously
removed replicas. It happens when a replica is removed using:
  # ipa-replica-manage del $replica
  # ipa-server-install --uninstall (on replica)
without running:
  # ipa-csreplica-manage del $replica
first.

Resolution is to clear the RUVs manually using the clean RUV DS task, because
ipa-csreplica-manage doesn't have support for it. FreeIPA 4.4 will receive a
new command which will handle both suffixes automatically - #5411.

The instructions can be found on the list:
* https://www.redhat.com/archives/freeipa-users/2015-June/msg00386.html
* https://www.redhat.com/archives/freeipa-users/2015-June/msg00416.html
and
* http://www.port389.org/docs/389ds/FAQ/troubleshoot-cleanallruv.html
* or general procedure for future feature:
  https://fedorahosted.org/freeipa/ticket/5411#comment:7

Important: Be very careful not to remove RUVs of existing replicas.

>
>
> And I can't find source of this problem. I have checked permission and etc. As
> I see replica is working but this message disturbs my email every few minutes and
> I wanna somehow fix this. Also I just migrated from 3.0 to 4.2.
> Info:
> Master :
> rpm -qa | grep ipa
> ipa-server-dns-4.2.0-15.0.1.el7.centos.6.x86_64
> ipa-admintools-4.2.0-15.0.1.el7.centos.6.x86_64
> sssd-ipa-1.13.0-40.el7_2.2.x86_64
> ipa-client-4.2.0-15.0.1.el7.centos.6.x86_64
> libipa_hbac-1.13.0-40.el7_2.2.x86_64
> python-libipa_hbac-1.13.0-40.el7_2.2.x86_64
> python-iniparse-0.4-9.el7.noarch
> ipa-python-4.2.0-15.0.1.el7.centos.6.x86_64
> ipa-server-4.2.0-15.0.1.el7.centos.6.x86_64
>
> Replica:
> rpm -qa | grep ipa
> sssd-ipa-1.13.0-40.el7_2.2.x86_64
> ipa-admintools-4.2.0-15.0.1.el7.centos.6.1.x86_64
> libipa_hbac-1.13.0-40.el7_2.2.x86_64
> ipa-client-4.2.0-15.0.1.el7.centos.6.1.x86_64
> ipa-python-4.2.0-15.0.1.el7.centos.6.1.x86_64
> ipa-server-dns-4.2.0-15.0.1.el7.centos.6.1.x86_64
> python-libipa_hbac-1.13.0-40.el7_2.2.x86_64
> python-iniparse-0.4-9.el7.noarch
> ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64
>
>
> Best Regards
> Anton Rubets

--
Petr Vobornik
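
Added example, not part of the original message and not FreeIPA or 389 DS code: a pre-check for the manual cleanup described above that parses nsds50ruv values, reports only replica IDs whose host is not a current replica, and renders the CLEANALLRUV task entry for each. The RUV values, CSNs and the host old-replica.domain are constructed sample data; the function names are hypothetical.

```python
import re

# An nsds50ruv value on the replication tombstone entry looks like:
#   {replica <id> ldap://<host>:<port>} <min CSN> <max CSN>
RUV_RE = re.compile(r"^\{replica\s+(\d+)\s+ldaps?://([^:/}\s]+)(?::\d+)?\}")

# Constructed sample: ldap1/ldap2 are the live servers from the thread,
# old-replica.domain is a hypothetical host that was uninstalled earlier.
SAMPLE_RUV = [
    "{replicageneration} 55c8f3ae000000600000",
    "{replica 96 ldap://ldap1.domain:389} 55c8f3b9000000600000 571f2a04000000600000",
    "{replica 97 ldap://ldap2.domain:389} 55c8f3b5000000610000 571f29f1000000610000",
    "{replica 91 ldap://old-replica.domain:389} 55c8f3ba0000005b0000 55d1a2c40000005b0000",
]

def parse_ruv(values):
    """Return (replica_id, hostname) for each replica element of a RUV."""
    found = []
    for value in values:
        m = RUV_RE.match(value.strip())
        if m:  # {replicageneration} and unparseable lines are skipped
            found.append((int(m.group(1)), m.group(2).lower()))
    return found

def dangling_ruvs(values, live_hosts):
    """RUV elements whose host is not a current replica.

    Elements naming a live host are never returned, even if the ID is stale
    (e.g. a reinstalled server); those need manual review.
    """
    live = {h.lower() for h in live_hosts}
    return [(rid, host) for rid, host in parse_ruv(values) if host not in live]

def cleanallruv_ldif(rid, suffix):
    """LDIF for a 389 DS CLEANALLRUV task entry for one replica ID."""
    return (f"dn: cn=clean {rid},cn=cleanallruv,cn=tasks,cn=config\n"
            "objectclass: extensibleObject\n"
            f"replica-base-dn: {suffix}\n"
            f"replica-id: {rid}\n"
            f"cn: clean {rid}\n")

if __name__ == "__main__":
    for rid, host in dangling_ruvs(SAMPLE_RUV, ["ldap1.domain", "ldap2.domain"]):
        print(f"# dangling: replica {rid} ({host})")
        print(cleanallruv_ldif(rid, "o=ipaca"))
```

The live host list should come from the current replication agreements, and the generated entry is meant to be reviewed before it is added to the directory.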