Hi, again, please always keep freeipa-users@redhat.com in Cc of your e-mails. This is not a private support channel.
Ludwig, do you know if dataversion is expected to be consistent among all replicas or not? I would not expect consistent values. https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/rootdse-attributes.html#dataversion did not answer this question. If we find out the right answer we should extend the description in documentation. Petr^2 Spacek On 24.8.2016 12:12, bahan w wrote: > Re. > > I checked the conflicts but I didn't find any between the two servers. > ### > > ldapsearch -x -D "cn=directory manager" -W -b "dc=<MY REALM>" > "nsds5ReplConflict=*" \* nsds5ReplConflict > ### > > The only thing I see is that one my master is in IPA 3.0.0.42 and another > is IPA 3.0.0.47. > The server with a problem of synchronization is 3.0.0.47. > > Here is a partial result from the command on each server: > ### > ldapsearch -Y GSSAPI -h `hostname` -b "" -s base > ### > > On the server OK > ### > > vendorVersion: 389-Directory/1.2.11.15 B2015.247.1737 > dataversion: 020160823201940 > > ### > > > On the server with the problem of sync : > > ### > > vendorVersion: 389-Directory/1.2.11.15 B2015.022.1831 > dataversion: 020160823195011 > ### > > Is the field dataversion the timestamp of the last version of the ldap > database ? > > I'm going to increase loglevel to DEBUG this afternoon before anything. > > I found this in the red hat doc : > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/ipa-replica-manage.html > > ### > 28.5.4. Reinitializing IdM Servers > When a replica is first created, the database of the master server is > copied, completely, over to the replica database. This process is called > *initialization*. If a server/replica is offline for a long period of time > or there is some kind of corruption in its database, then the server can be > re-initialized, with a fresh and updated set of data. > This is done using the re-initialize command. The target server being > initialized is the local host. The server or replica from which to pull the > data to initialize the local database is specified in the --from option: > > [root@server ~]# ipa-replica-manage re-initialize --from srv1.example.com > > ### > > Do you know if it is available in IPA 3.0.0.47 ? > > Best regards. > > Bahan > > On Wed, Aug 24, 2016 at 11:50 AM, bahan w <bahanw042...@gmail.com> wrote: > >> Hello Petr, Orion. >> >> I checked the errors log from the dirsrv on both masters and I found >> nothing related to an error with the replication plugin. >> >> I also performed all the tests described in the link Petr provided. Thank >> you for this. Every one of this command is OK on both masters. >> >> I'm checking the access logs from dirsrv now. >> >> Any other tracks to follow ? Increase the log level on the replica failing >> to sync ? >> >> Best regards. >> >> Bahan >> >> On Wed, Aug 24, 2016 at 8:41 AM, Petr Spacek <pspa...@redhat.com> wrote: >> >>> On 23.8.2016 22:44, bahan w wrote: >>>> Hello ! >>>> >>>> I am using IPA 3.0.0 on RedHat 6.6 servers. >>>> >>>> I have two masters and this evening, I realized that one of them was >>>> desynchronized, some users and groups were missing. >>>> >>>> I was wondering if there was an ipa command to resynchronize replica >>> which >>>> are not sync with the other ? >>> >>> First of all, it is necessary to find out replication does not work. >>> >>> Please see >>> http://www.freeipa.org/page/Troubleshooting#Replication_issues >>> >>> -- >>> Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project