This issue started when trying to remove a user; ipa user-del showed “operation 
failed” and the user was not removed.  The same ipa user-del command was 
performed on a replica and completed successfully, but it was then immediately 
apparent that this change did not replicate anywhere else.  All of the replicas 
then were re-initalized using "ipa-replica-manage re-initialize” and now the 
LDAP trees/users are consistent though no further changes have been made.

The slapd error logs are showing repeated instances of

DSRetroclPlugin - replog: an error occured while adding change number 112697, 
dn = changenumber=112697,cn=changelog: Already exists.
retrocl-plugin - retrocl_postob: operation failure [68]

Package versions are

ipa-replica-manage list-ruv
ipa: WARNING: session memcached servers not running
unable to decode: {replica 11} 56044ef50000000b0000 56044ef50000000b0000
unable to decode: {replica 7} 561f17ba000800070000 561f17ba000800070000
unable to decode: {replica 5} 561f17bc000300050000 561f17bc000300050000
unable to decode: {replica 9} 561f17ba000a00090000 561f17ba000a00090000
unable to decode: {replica 4} 561f17ba000300040000 561f17ba000300040000 
(These are likely leftovers from the previous incarnation of these servers on a 
RHEL6-like setup)
ipa07:389: 16
ipa02:389: 13
ipa03:389: 14
ipa01:389: 12
ipa04:389: 15
ipa05:389: 17

Thanks much,

"This message and any attachments may contain confidential information. If you
have received this  message in error, any use or distribution is prohibited. 
Please notify us by reply e-mail if you have mistakenly received this message,
and immediately and permanently delete it and any attachments. Thank you."

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to