[Freeipa-users] Re: Audit Log Replication

2018-08-29 Thread Ludwig Krispenz via FreeIPA-users
On 08/29/2018 08:56 AM, Alexander Bokovoy via FreeIPA-users wrote: On ke, 29 elo 2018, Quan Zhou via FreeIPA-users wrote: I have a similar question, should the audit logs be enabled on the master or replicas? If it's only enabled on replicas would the date be consistent with the actual date

[Freeipa-users] Re: How to change nsslapd-cachememsize

2018-07-17 Thread Ludwig Krispenz via FreeIPA-users
On 07/17/2018 01:15 PM, Alexander Bokovoy via FreeIPA-users wrote: On ti, 17 heinä 2018, Kees Bakker wrote: On 17-07-18 11:48, Alexander Bokovoy wrote: On ti, 17 heinä 2018, Kees Bakker wrote: To modify you'd rather use ipa-ldap-updater tool which manages automatically this for you when an

[Freeipa-users] Re: DS server crashes regularly

2018-05-09 Thread Ludwig Krispenz via FreeIPA-users
On 05/09/2018 10:29 AM, Bart via FreeIPA-users wrote: As described in this issue: https://pagure.io/389-ds-base/issue/49660 I updated sssd and things started working again. thanks for confirmation

[Freeipa-users] Re: IPA Error 4203: DatabaseError: Constraint violation: Too soon to change password.

2018-04-16 Thread Ludwig Krispenz via FreeIPA-users
On 04/15/2018 09:26 PM, TomK via FreeIPA-users wrote: Hey Guy's, Not 'really' an issue but curious about the logic behind this scenario. I get a message saying "Your password expires in 4 days." So I go to change it for the admin user (I'm reusing the same pass) and type it in but then get

[Freeipa-users] Re: ipa replication issues

2018-04-13 Thread Ludwig Krispenz via FreeIPA-users
Hi, when extracting the relevant data, we see: [root@ipa14 ~] dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nsds5replicaid: 6 nsds50ruv: {replicageneration} 58987e190006 nsds50ruv: {replica 6 ldap://ipa14.bpo.cxn:389} 58987e1c0006 5ad071530006 nsds50ruv: {replica

[Freeipa-users] Re: ipa replication issues

2018-04-13 Thread Ludwig Krispenz via FreeIPA-users
On 04/13/2018 08:25 AM, Sandor Juhasz via FreeIPA-users wrote: Hello, we are using freeipa in a 4way multi master replication setup. Servers ipa14,ipa15 and ipa34,ipa35 on CentOS Linux release 7.3.1611 (Core) with version ipa-server-common-4.4.0-14.el7.centos.7.noarch. We have an issue where

[Freeipa-users] Re: FreeIPA v4.5.0 install lost topology suffixes

2018-04-06 Thread Ludwig Krispenz via FreeIPA-users
On 04/05/2018 11:28 PM, Gavin Williams via FreeIPA-users wrote: Petr Yeh, I was unable to see the suffixes and replication agreements via the WebUI. However searching using ldapsearch, they were still present. So I tracked the issue down to my named user account not having enough

[Freeipa-users] Re: ipa-replica-manage: unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000

2018-03-14 Thread Ludwig Krispenz via FreeIPA-users
On 03/14/2018 09:10 AM, Harald Dunkel via FreeIPA-users wrote: Hi Ludwig, On 03/13/18 14:47, Ludwig Krispenz via FreeIPA-users wrote: On 03/13/2018 09:07 AM, Harald Dunkel via FreeIPA-users wrote: Hi Ludwig, On 03/12/18 17:10, Ludwig Krispenz via FreeIPA-users wrote: Hi, to get rid

[Freeipa-users] Re: ipa-replica-manage: unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000

2018-03-13 Thread Ludwig Krispenz via FreeIPA-users
On 03/13/2018 09:07 AM, Harald Dunkel via FreeIPA-users wrote: Hi Ludwig, On 03/12/18 17:10, Ludwig Krispenz via FreeIPA-users wrote: Hi, to get rid of this ruv entry with replicaid 7 you could try to run the cleanallruv task directly. On any server (and only on one) run ldapmodify

[Freeipa-users] Re: ipa-replica-manage: unable to decode: {replica 7} 58809c7c000300070000 58809c7c000300070000

2018-03-12 Thread Ludwig Krispenz via FreeIPA-users
Hi, to get rid of this ruv entry with replicaid 7 you could try to run the cleanallruv task directly. On any server (and only on one) run ldapmodify . -D "cn=directory manager" |dn: cn=clean 7, cn=cleanallruv, cn=tasks, cn=config changetype: add objectclass: extensibleObject

[Freeipa-users] Re: slapd shutting down while updating big number of users with ldapmodify

2018-02-20 Thread Ludwig Krispenz via FreeIPA-users
well, looks like someone or something is stopping your slapd process, it does not shutdown by itself. Could it be a "watchdog", checking for resource consumption on your machine and if memory or cpu usage is too high stopping it? If you just want to workaround, pipe the result of your

[Freeipa-users] Re: ipa-server-install --dirsrv-config-file example

2018-02-09 Thread Ludwig Krispenz via FreeIPA-users
On 02/09/2018 10:50 AM, Alex M via FreeIPA-users wrote: Ludwig, thank you for reply! One more question, if the one of the ldap path differs, the structure of update.ldif file is something like this: yes, but depending on the version of DS you use, you may need to set nsslapd-cache-autosize:

[Freeipa-users] Re: ipa-server-install --dirsrv-config-file example

2018-02-09 Thread Ludwig Krispenz via FreeIPA-users
On 02/09/2018 10:23 AM, Alex M via FreeIPA-users wrote: Martin, thank you for the reply. Does it support multiple modification lines at the same time? yes, but you need to separate the mods, like: dn: cn=config,cn=ldbm database,cn=plugins,cn=config changetype: modify replace:

[Freeipa-users] Re: ERR - attrlist_replace - attr_replace

2018-01-15 Thread Ludwig Krispenz via FreeIPA-users
Hi Harri, the suffix object maintains a list of referrals to be returned if the server is in read only mode. It is updated based on the supplier ruv and only uses the url. If a ruv contains the same url for different replica ids these errors are logged. It should be fixed in 1.3.6 now, see:

[Freeipa-users] Re: replica install - certuil - script or log?

2018-01-11 Thread Ludwig Krispenz via FreeIPA-users
On 01/11/2018 02:36 PM, Rob Crittenden via FreeIPA-users wrote: lejeczek via FreeIPA-users wrote: hi everyone when I see this in replica install log: .. 2018-01-11T12:46:31Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-PRIVATE-xx.xx.PRIVATE-CAM-AC-UK/ -L -n PRIVATE.xx.xx.PRIVATE.xx.xx.x

[Freeipa-users] Re: Replication failed after ipa-server-upgrade

2017-12-01 Thread Ludwig Krispenz via FreeIPA-users
nscpentrywsi On 12/01/2017 09:53 AM, skrawczenko--- via FreeIPA-users wrote: I wish you were right but ldapsearch -D "cn=directory manager" -W -b cn=,cn=replicas,cn=ipa,cn=etc,dc= ncpentrywsi dn: cn=,cn=replicas,cn=ipa,cn=etc,dc= # search result search: 2 result: 0 Success Please any

[Freeipa-users] Re: Replication failed after ipa-server-upgrade

2017-12-01 Thread Ludwig Krispenz via FreeIPA-users
you can see nscpentrywsi only as "cn=directory manager", and your mods for ipacnfigstring were also done as directory manager, but you search as another user. The attribute is probably there, but access control prevents to see it. On 11/30/2017 11:02 AM, skrawczenko--- via FreeIPA-users

[Freeipa-users] Re: Can't sync a new replica, large db file,

2017-11-16 Thread Ludwig Krispenz via FreeIPA-users
" "parentid>=1" On 15 November 2017 at 15:17, Ludwig Krispenz via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: On 11/15/2017 07:40 AM, Mike Johnson via FreeIPA-users wrote: I should add that I deleted/moved the large DB file as it was on the single remaini

[Freeipa-users] Re: Can't sync a new replica, large db file,

2017-11-14 Thread Ludwig Krispenz via FreeIPA-users
On 11/14/2017 11:40 AM, Mike Johnson via FreeIPA-users wrote: Hi I've got a small environment which had until recently 2 IPA servers. Both CentOS 7.4.1708 Version info: id1: Name: ipa-server Version : 4.5.0 Release : 21.el7.centos.2.2 Kernel: 3.10.0-693.5.2.el7.x86_64

[Freeipa-users] Re: Where is the replication configuration hiding?

2017-10-30 Thread Ludwig Krispenz via FreeIPA-users
On 10/30/2017 03:56 AM, Sergei Gerasenko via FreeIPA-users wrote: Hi, When searching for RUVs, agreements, etc, the following ldapsearch command can be used: ldapsearch -xLLL -h HOST -D "cn=directory manager" -W -b cn=config cn=replica nsds50ruv -o ldif-wrap=no That seems to work. The

[Freeipa-users] Re: Missing CSNs after upgrade

2017-09-11 Thread Ludwig Krispenz via FreeIPA-users
would be nice to include the problem description again, but if you are referring to: [26/Aug/2017:21:39:32.891818412 +] NSMMReplicationPlugin - changelog program - agmt="cn=meTo**.com" (**:389): CSN 597276fb0005000a not found, we aren't as up to date, or we purged

[Freeipa-users] Re: Changing case of user attributes fails

2017-09-07 Thread Ludwig Krispenz via FreeIPA-users
On 09/07/2017 03:21 AM, Fraser Tweedale via FreeIPA-users wrote: On Wed, Sep 06, 2017 at 02:05:56PM -0400, Anthony Clark via FreeIPA-users wrote: It may possibly be related to this, but this is marked as fixed for 4.3: https://pagure.io/freeipa/issue/5456 I'm on 4.4.0-14.el7.centos.7 A user

[Freeipa-users] Re: [CentOS 7.5] error message during LDAP backup

2017-08-30 Thread Ludwig Krispenz via FreeIPA-users
This is issue: https://pagure.io/389-ds-base/issue/49334 On 08/30/2017 09:01 AM, Jochen Hein via FreeIPA-users wrote: I've upgraded my FreeIPA servers to CentOS 7.5 (CR). After that I have the following new messages during backup: Aug 30 01:34:34 freeipa1 ns-slapd:

[Freeipa-users] Re: Time Skew on Amazon nodes?

2017-08-01 Thread Ludwig Krispenz via FreeIPA-users
On 08/01/2017 04:42 PM, pgb 205 via FreeIPA-users wrote: ok thats great news! But I just want to make sure even if the server IS ALREADY DOWN due to this bug we can still manually edit the database (dse.ldif) for this value and then bring up the processes. Would that work? yes, that should

[Freeipa-users] Re: 5 bad replicas, can't remove, need these clean before I can re-add secondary replicas.

2017-07-31 Thread Ludwig Krispenz via FreeIPA-users
On 07/28/2017 07:56 PM, Jake via FreeIPA-users wrote: All I see are responses like yours, how about a link or add it to the documentation since it's such a problem?! if the ruvs cannot be decoded, the ipa command line utility does not work, you have to execute a plain cleanallruv task, an

[Freeipa-users] Re: [Freeipa-users]Re: nsds5ReplConflict: missingEntry

2017-07-28 Thread Ludwig Krispenz via FreeIPA-users
On 07/28/2017 03:25 PM, email--- via FreeIPA-users wrote: I have no idea what that means, cn=servers has child objects that do exist on both servers. Is there a way to force replicate from another node and overwrite all local conflicts. the conflicts arise by replication as I tried to

[Freeipa-users] Re: nsds5ReplConflict: missingEntry

2017-07-28 Thread Ludwig Krispenz via FreeIPA-users
On 07/27/2017 07:49 PM, email--- via FreeIPA-users wrote: This is a new one, any ideas on how to get this to sync? ldapsearch -x -D "cn=directory manager" -W -b "dc=ipa,dc=example,dc=com" "nsds5ReplConflict=*" \* nsds5ReplConflict Enter LDAP Password: # extended LDIF # # LDAPv3 # base

[Freeipa-users] Re: IPA Servers will not start - dirsrv

2017-07-14 Thread Ludwig Krispenz via FreeIPA-users
looks like you lost your configuration files dse.ldif and its backup as well could you check what you have in /etc/dirsrv/slapd- you can try to copy one of the *dse.ldif* to dse.ldif and try to restart, but that file maybe up to date. Ludwig On 07/14/2017 04:22 PM, email--- via FreeIPA-users

[Freeipa-users] Re: Sync Issues

2017-06-28 Thread Ludwig Krispenz via FreeIPA-users
On 06/27/2017 07:36 PM, Devin Acosta via FreeIPA-users wrote: I am running the latest CentOS 7.3 / FreeIPA release and it appears that my replication got broke. [27/Jun/2017:17:28:58.705411461 +] NSMMReplicationPlugin - agmt="cn=meTolasdc-lmfpa-002.lxi.m451.tech" (lasdc-lmfpa-002:389):

[Freeipa-users] Re: Replication conflict woes

2017-06-20 Thread Ludwig Krispenz via FreeIPA-users
On 06/20/2017 02:31 PM, john.bowman--- via FreeIPA-users wrote: These steps wouldn't be documented somewhere would they? no, I am not aware of I did find this older thread: https://www.redhat.com/archives/freeipa-users/2016-August/msg00035.html Something similar to those steps? this

[Freeipa-users] Re: Replication conflict woes

2017-06-20 Thread Ludwig Krispenz via FreeIPA-users
Hi, unfortunately replication conflicts for managed entries have additional difficulties. The origin and managed entries reference the "non-conflict" entry and the managed entry plugin prevents the deletion of a managed entry via ldapmodify. To proceed in cleanup you could try to remove the

[Freeipa-users] Re: Need a clue re: broken topology and broken replication in a simple 2-server setup

2017-06-01 Thread Ludwig Krispenz via FreeIPA-users
looks like you have a one directional topology segment on each server, they are created from existing replication agreements when raising the domain level, they should be replicated and merged to one bi-directional segment - so it looks like replication was not working already back then. to