Re: [Freeipa-users] What am I missing? ipaca?
Hi, Wiadomość napisana przez Martin Kosek mko...@redhat.com w dniu 24 mar 2015, o godz. 17:08: Right. Maybe you reinstalled IPA replica (several times) without cleaning the RUV? With # ipa-replica-manage list-ruv # ipa-replica-manage clean-ruv you should be able to clean the old (lower) RUVs and see if the error disappears. More info in man ipa-replica-manage and on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-topology.html#cleanruv Martin After cleanruv looks better. But I had some problems with ipa-replica-manage 1. loks like ipa-replica-manage works only with dc=x replicas, not o=ipaca 2. There is no option clean-ruv in ipa-csreplica-manage Best regards, Ender -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] What am I missing? ipaca?
Hello, Sorry for the late answer. Those entries are named RUV. host25.x1.net RUV contains nscpentrywsi: nsds50ruv: {replicageneration} 550feb150060 nscpentrywsi: nsds50ruv: {replica 96 ldap://host25.x1.net:389} 550feb1d0060 551129d70060 nscpentrywsi: nsds50ruv: {replica 1195 ldap://host28.x1.net:389} 550feed904ab 551129d7000804ab *nscpentrywsi: nsds50ruv: {replica 1685 ldap://host68.x1.net:389} 551016e70695 551016e800030695 nscpentrywsi: nsds50ruv: {replica 1690 ldap://host68.x1.net:389} 551012ed069a 551012ee0001069a nscpentrywsi: nsds50ruv: {replica 1695 ldap://host68.x1.net:389} 55100d8b069f 55100d8c0001069f* nscpentrywsi: nsds50ruv: {replica 91 ldap://host51.x2:389} 550ff144005b 551113bd0003005b nscpentrywsi: nsds50ruv: {replica 97 ldap://host26.x1.net:389} 550feb270061 5511271100040061 nscpentrywsi: nsds50ruv: {replica 1095 ldap://host27.x1.net:389} 550fecef0447 55111c8b00050447 nscpentrywsi: nsds50ruv: {replica 1295 ldap://host52.x2:389} 550ff348050f 5511138e000b050f nscpentrywsi: nsds50ruv: {replica 1395 ldap://host32.x2:389} 550ff5ed0573 55110c8500030573 nscpentrywsi: nsds50ruv: {replica 1495 ldap://host33.x2:389} 550ff83705d7 551125b1000105d7 *nscpentrywsi: nsds50ruv: {replica 1595 ldap://host18.x2:389} 550ffc6b063b 550ffc6c0001063b nscpentrywsi: nsds50ruv: {replica 1590 ldap://host18.x2:389} 551a0636 551b00010636 nscpentrywsi: nsds50ruv: {replica 1585 ldap://host18.x2:389} 551003850631 5510038700010631* So host68:389 and host18:389 are masters for the same suffix (o=ipaca) but with different replica Identifier (1685,1690,1695 and 1585,1590,1595). Some of those Replica Identifiers are likely old one that need to cleared. Did you run CLEANRUV ? thanks thierry On 03/24/2015 11:20 AM, Łukasz Jaworski wrote: Hi, Wiadomość napisana przez thierry bordaz tbor...@redhat.com w dniu 24 mar 2015, o godz. 10:01: It seems that this error is logged each time a replication session is started. At the beginning of the session, the replica that receive the replication request, tries to update the referral list of the replicated suffix (replica) according to the metadata sent by the master. At this step, it fails with these logs. I would like to check the validity (duplicate ?) of if the referrals contained in the master metadata. Would it be possible you do the following command on all your instances: ldapsearch -h .. -pxxx -D cn=directory manager -w xxx -b o=ipaca ((objectclass=nstombstone)(nsUniqueId=---)) nscpentrywsi Servers: dc1: host25.x1.net: host26.x1.net: host27.x1.net: host28.x1.net: host68.x1.net: dc2: host51.x2: host52.x2: host32.x2: host33.x2: host18.x2: connected: 68 28 25 51 33 18 | | || | | || 27 26 52 32 host25.x1.net: # extended LDIF # # LDAPv3 # base o=ipaca with scope subtree # filter: ((objectclass=nstombstone)(nsUniqueId=---)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-s50026.x1.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaBindDN: cn=replication manager,cn=config nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-s41651.x2-pki-tomcat,ou=csusers,cn=config nscpentrywsi: cn: replica nscpentrywsi: nsDS5ReplicaId: 96 nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config nscpentrywsi: createTimestamp: 20150323102941Z nscpentrywsi: modifyTimestamp: 20150324090956Z nscpentrywsi: nsState:: YADcKRFVAgACAA== nscpentrywsi: nsDS5ReplicaName: 7bed7405-d14711e4-92bcd6f7-18cf6218 nscpentrywsi: numSubordinates: 3 nscpentrywsi: nsds50ruv: {replicageneration} 550feb150060 nscpentrywsi: nsds50ruv: {replica 96 ldap://host25.x1.net:389} 550feb1d0060 551129d70060 nscpentrywsi: nsds50ruv: {replica 1195 ldap://host28.x1.net:389} 550feed904ab 551129d7000804ab nscpentrywsi: nsds50ruv: {replica 1685 ldap://host68.x1.net:389} 551016e70695 551016e800030695 nscpentrywsi: nsds50ruv: {replica 1690 ldap://host68.x1.net:389} 551012ed069a
Re: [Freeipa-users] What am I missing? ipaca?
Hi, Wiadomość napisana przez thierry bordaz tbor...@redhat.com w dniu 24 mar 2015, o godz. 10:01: It seems that this error is logged each time a replication session is started. At the beginning of the session, the replica that receive the replication request, tries to update the referral list of the replicated suffix (replica) according to the metadata sent by the master. At this step, it fails with these logs. I would like to check the validity (duplicate ?) of if the referrals contained in the master metadata. Would it be possible you do the following command on all your instances: ldapsearch -h .. -pxxx -D cn=directory manager -w xxx -b o=ipaca ((objectclass=nstombstone)(nsUniqueId=---)) nscpentrywsi Servers: dc1: host25.x1.net: host26.x1.net: host27.x1.net: host28.x1.net: host68.x1.net: dc2: host51.x2: host52.x2: host32.x2: host33.x2: host18.x2: connected: 68 28 25 51 33 18 | | || | | || 27 26 52 32 host25.x1.net: # extended LDIF # # LDAPv3 # base o=ipaca with scope subtree # filter: ((objectclass=nstombstone)(nsUniqueId=---)) # requesting: nscpentrywsi # # replica, o\3Dipaca, mapping tree, config dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config nscpentrywsi: objectClass: top nscpentrywsi: objectClass: nsDS5Replica nscpentrywsi: objectClass: extensibleobject nscpentrywsi: nsDS5ReplicaRoot: o=ipaca nscpentrywsi: nsDS5ReplicaType: 3 nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-s50026.x1.net-pki-tomcat,ou=csusers,cn=config nscpentrywsi: nsDS5ReplicaBindDN: cn=replication manager,cn=config nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-s41651.x2-pki-tomcat,ou=csusers,cn=config nscpentrywsi: cn: replica nscpentrywsi: nsDS5ReplicaId: 96 nscpentrywsi: nsDS5Flags: 1 nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config nscpentrywsi: createTimestamp: 20150323102941Z nscpentrywsi: modifyTimestamp: 20150324090956Z nscpentrywsi: nsState:: YADcKRFVAgACAA== nscpentrywsi: nsDS5ReplicaName: 7bed7405-d14711e4-92bcd6f7-18cf6218 nscpentrywsi: numSubordinates: 3 nscpentrywsi: nsds50ruv: {replicageneration} 550feb150060 nscpentrywsi: nsds50ruv: {replica 96 ldap://host25.x1.net:389} 550feb1d0060 551129d70060 nscpentrywsi: nsds50ruv: {replica 1195 ldap://host28.x1.net:389} 550feed904ab 551129d7000804ab nscpentrywsi: nsds50ruv: {replica 1685 ldap://host68.x1.net:389} 551016e70695 551016e800030695 nscpentrywsi: nsds50ruv: {replica 1690 ldap://host68.x1.net:389} 551012ed069a 551012ee0001069a nscpentrywsi: nsds50ruv: {replica 1695 ldap://host68.x1.net:389} 55100d8b069f 55100d8c0001069f nscpentrywsi: nsds50ruv: {replica 91 ldap://host51.x2:389} 550ff144005b 551113bd0003005b nscpentrywsi: nsds50ruv: {replica 97 ldap://host26.x1.net:389} 550feb270061 5511271100040061 nscpentrywsi: nsds50ruv: {replica 1095 ldap://host27.x1.net:389} 550fecef0447 55111c8b00050447 nscpentrywsi: nsds50ruv: {replica 1295 ldap://host52.x2:389} 550ff348050f 5511138e000b050f nscpentrywsi: nsds50ruv: {replica 1395 ldap://host32.x2:389} 550ff5ed0573 55110c8500030573 nscpentrywsi: nsds50ruv: {replica 1495 ldap://host33.x2:389} 550ff83705d7 551125b1000105d7 nscpentrywsi: nsds50ruv: {replica 1595 ldap://host18.x2:389} 550ffc6b063b 550ffc6c0001063b nscpentrywsi: nsds50ruv: {replica 1590 ldap://host18.x2:389} 551a0636 551b00010636 nscpentrywsi: nsds50ruv: {replica 1585 ldap://host18.x2:389} 551003850631 5510038700010631 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;masterAgreement1-host26.x1.net-pki-tomcat;host26.x1.net;389;97;551129d70060 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;masterAgreement1-host28.x1.net-pki-tomcat;host28.x1.net;389;1195;551129d70060 nscpentrywsi: nsds5agmtmaxcsn: o=ipaca;cloneAgreement1-host51.x2-pki-tomcat;host51.x2;389;91;551129d70060 nscpentrywsi: nsruvReplicaLastModified: {replica 96 ldap://host25.x1.net:389} 551129d5 nscpentrywsi: nsruvReplicaLastModified: {replica 1195 ldap://host28.x1.net:389} 551129d8 nscpentrywsi: nsruvReplicaLastModified: {replica 1685 ldap://host68.x1.net:389} nscpentrywsi: nsruvReplicaLastModified: {replica 1690 ldap://host68.x1.net:389} nscpentrywsi: nsruvReplicaLastModified: {replica 1695 ldap://host68.x1.net:389} nscpentrywsi: nsruvReplicaLastModified:
Re: [Freeipa-users] What am I missing? ipaca?
On 03/24/2015 03:18 PM, thierry bordaz wrote: Hello, Sorry for the late answer. Those entries are named RUV. host25.x1.net RUV contains nscpentrywsi: nsds50ruv: {replicageneration} 550feb150060 nscpentrywsi: nsds50ruv: {replica 96 ldap://host25.x1.net:389} 550feb1d0060 551129d70060 nscpentrywsi: nsds50ruv: {replica 1195 ldap://host28.x1.net:389} 550feed904ab 551129d7000804ab *nscpentrywsi: nsds50ruv: {replica 1685 ldap://host68.x1.net:389} 551016e70695 551016e800030695 nscpentrywsi: nsds50ruv: {replica 1690 ldap://host68.x1.net:389} 551012ed069a 551012ee0001069a nscpentrywsi: nsds50ruv: {replica 1695 ldap://host68.x1.net:389} 55100d8b069f 55100d8c0001069f* nscpentrywsi: nsds50ruv: {replica 91 ldap://host51.x2:389} 550ff144005b 551113bd0003005b nscpentrywsi: nsds50ruv: {replica 97 ldap://host26.x1.net:389} 550feb270061 5511271100040061 nscpentrywsi: nsds50ruv: {replica 1095 ldap://host27.x1.net:389} 550fecef0447 55111c8b00050447 nscpentrywsi: nsds50ruv: {replica 1295 ldap://host52.x2:389} 550ff348050f 5511138e000b050f nscpentrywsi: nsds50ruv: {replica 1395 ldap://host32.x2:389} 550ff5ed0573 55110c8500030573 nscpentrywsi: nsds50ruv: {replica 1495 ldap://host33.x2:389} 550ff83705d7 551125b1000105d7 *nscpentrywsi: nsds50ruv: {replica 1595 ldap://host18.x2:389} 550ffc6b063b 550ffc6c0001063b nscpentrywsi: nsds50ruv: {replica 1590 ldap://host18.x2:389} 551a0636 551b00010636 nscpentrywsi: nsds50ruv: {replica 1585 ldap://host18.x2:389} 551003850631 5510038700010631* So host68:389 and host18:389 are masters for the same suffix (o=ipaca) but with different replica Identifier (1685,1690,1695 and 1585,1590,1595). Some of those Replica Identifiers are likely old one that need to cleared. Did you run CLEANRUV ? thanks thierry Right. Maybe you reinstalled IPA replica (several times) without cleaning the RUV? With # ipa-replica-manage list-ruv # ipa-replica-manage clean-ruv you should be able to clean the old (lower) RUVs and see if the error disappears. More info in man ipa-replica-manage and on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-topology.html#cleanruv Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] What am I missing? ipaca?
On 03/24/2015 09:49 AM, Łukasz Jaworski wrote: Wiadomość napisana przez Martin Kosek mko...@redhat.com w dniu 23 mar 2015, o godz. 12:04: On 03/23/2015 04:07 AM, Janelle wrote: attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. Hm, I do not met this error yet. This looks like error from 389-ds-base, it has functions like attrlist_replace. If this is the case, can you please share a bigger section of the errors log, ideally for the whole day (if not too big)? There might be some other related error messages. CCing Ludwig and Thierry for reference. Also, what environment are we talking about, is this still FreeIPA 4.1.3@CentOS-7? Maybe the server also has a replication agreement also with CentOS-6? We need to know this also. We have the same problem (yesterday we've migrated users to IPA4, 8 server wit --setup-ca), on every server we have many: [24/Mar/2015:09:40:04 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x28.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x51.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x51.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x51.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x51.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x51.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x51.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:16 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:16 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:16 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:17 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x28.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:17 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x28.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:17 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x28.x:389/o%3Dipaca) failed. Distributor ID: Fedora Description:Fedora release 21 (Twenty One) 389-ds and freeipa: 389-ds-base-1.3.3.8-1.fc21.x86_64 389-ds-base-libs-1.3.3.8-1.fc21.x86_64 freeipa-server-4.1.3-2.fc21.x86_64 Best regards, Ender Hello, It seems that this error is logged each time a replication session is started. At the beginning of the session, the replica that receive the replication request, tries to update the referral list of the replicated suffix (replica) according to the metadata sent by the master. At this step, it fails with these logs. I would like to check the validity (duplicate ?) of if the referrals contained in the master metadata. Would it be possible you do the following command on all your instances: ldapsearch -h.. -pxxx -D cn=directory manager -w xxx -b o=ipaca((objectclass=nstombstone)(nsUniqueId=---)) nscpentrywsi thanks thierry -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] What am I missing? ipaca?
On 3/23/15 4:04 AM, Martin Kosek wrote: On 03/23/2015 04:07 AM, Janelle wrote: Hello Starting to see a lot of these and wondering what I am dealign with? attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. Hm, I do not met this error yet. This looks like error from 389-ds-base, it has functions like attrlist_replace. If this is the case, can you please share a bigger section of the errors log, ideally for the whole day (if not too big)? There might be some other related error messages. CCing Ludwig and Thierry for reference. Also, what environment are we talking about, is this still FreeIPA 4.1.3@CentOS-7? Maybe the server also has a replication agreement also with CentOS-6? We need to know this also. Thanks, Martin FreeIPA 4.1.3, CentOS 7 Only CentOS 7 -- no other versions intermixed. Nothing else to give you. Sadly, it just repeats alot. No other errrors in the log. It has a replication agreement with another master - both CA's One interesting note -- this was the server that had the ipa-replica-install --setup-ca run on it from the other master. And the other master is ipa1 server. This server that has these errors is ipa2. So this is complaining(?) that the original server is doing something? [23/Mar/2015:04:13:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:23:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:23:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:23:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:28:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:28:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:28:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:38:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:38:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:38:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:43:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:43:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:43:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:53:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:53:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:53:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:58:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:58:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:58:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:00:00 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:00:00 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:00:00 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:05:02 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:05:02 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:05:02 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:08:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:08:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:08:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:13:52 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed.
Re: [Freeipa-users] What am I missing? ipaca?
On 03/23/2015 04:07 AM, Janelle wrote: Hello Starting to see a lot of these and wondering what I am dealign with? attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. Hm, I do not met this error yet. This looks like error from 389-ds-base, it has functions like attrlist_replace. If this is the case, can you please share a bigger section of the errors log, ideally for the whole day (if not too big)? There might be some other related error messages. CCing Ludwig and Thierry for reference. Also, what environment are we talking about, is this still FreeIPA 4.1.3@CentOS-7? Maybe the server also has a replication agreement also with CentOS-6? We need to know this also. Thanks, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] What am I missing? ipaca?
Hello Starting to see a lot of these and wondering what I am dealign with? attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. ~J -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project