Re: [Freeipa-users] What am I missing? ipaca?
Hi, Wiadomość napisana przez Martin Kosek mko...@redhat.com w dniu 24 mar 2015, o godz. 17:08: Right. Maybe you reinstalled IPA replica (several times) without cleaning the RUV? With # ipa-replica-manage list-ruv # ipa-replica-manage clean-ruv you should be able to clean the old (lower) RUVs and see if the error disappears. More info in man ipa-replica-manage and on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-topology.html#cleanruv Martin After cleanruv looks better. But I had some problems with ipa-replica-manage 1. loks like ipa-replica-manage works only with dc=x replicas, not o=ipaca 2. There is no option clean-ruv in ipa-csreplica-manage Best regards, Ender -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] What am I missing? ipaca?
Hello,
Sorry for the late answer.
Those entries are named RUV.
host25.x1.net RUV contains
nscpentrywsi: nsds50ruv: {replicageneration} 550feb150060
nscpentrywsi: nsds50ruv: {replica 96 ldap://host25.x1.net:389}
550feb1d0060 551129d70060
nscpentrywsi: nsds50ruv: {replica 1195 ldap://host28.x1.net:389}
550feed904ab 551129d7000804ab
*nscpentrywsi: nsds50ruv: {replica 1685 ldap://host68.x1.net:389}
551016e70695 551016e800030695
nscpentrywsi: nsds50ruv: {replica 1690 ldap://host68.x1.net:389}
551012ed069a 551012ee0001069a
nscpentrywsi: nsds50ruv: {replica 1695 ldap://host68.x1.net:389}
55100d8b069f 55100d8c0001069f*
nscpentrywsi: nsds50ruv: {replica 91 ldap://host51.x2:389}
550ff144005b 551113bd0003005b
nscpentrywsi: nsds50ruv: {replica 97 ldap://host26.x1.net:389}
550feb270061 5511271100040061
nscpentrywsi: nsds50ruv: {replica 1095 ldap://host27.x1.net:389}
550fecef0447 55111c8b00050447
nscpentrywsi: nsds50ruv: {replica 1295 ldap://host52.x2:389}
550ff348050f 5511138e000b050f
nscpentrywsi: nsds50ruv: {replica 1395 ldap://host32.x2:389}
550ff5ed0573 55110c8500030573
nscpentrywsi: nsds50ruv: {replica 1495 ldap://host33.x2:389}
550ff83705d7 551125b1000105d7
*nscpentrywsi: nsds50ruv: {replica 1595 ldap://host18.x2:389}
550ffc6b063b 550ffc6c0001063b
nscpentrywsi: nsds50ruv: {replica 1590 ldap://host18.x2:389}
551a0636 551b00010636
nscpentrywsi: nsds50ruv: {replica 1585 ldap://host18.x2:389}
551003850631 5510038700010631*
So host68:389 and host18:389 are masters for the same suffix (o=ipaca) but with
different replica Identifier (1685,1690,1695 and 1585,1590,1595).
Some of those Replica Identifiers are likely old one that need to cleared.
Did you run CLEANRUV ?
thanks
thierry
On 03/24/2015 11:20 AM, Łukasz Jaworski wrote:
Hi,
Wiadomość napisana przez thierry bordaz tbor...@redhat.com w dniu 24 mar
2015, o godz. 10:01:
It seems that this error is logged each time a replication session is started.
At the beginning of the session, the replica that receive the replication
request, tries to update the referral list of the replicated suffix (replica)
according to the metadata sent by the master.
At this step, it fails with these logs.
I would like to check the validity (duplicate ?) of if the referrals contained
in the master metadata. Would it be possible you do the following command on
all your instances:
ldapsearch -h .. -pxxx -D cn=directory manager -w xxx -b o=ipaca
((objectclass=nstombstone)(nsUniqueId=---)) nscpentrywsi
Servers:
dc1:
host25.x1.net:
host26.x1.net:
host27.x1.net:
host28.x1.net:
host68.x1.net:
dc2:
host51.x2:
host52.x2:
host32.x2:
host33.x2:
host18.x2:
connected:
68 28 25 51 33 18
| | ||
| | ||
27 26 52 32
host25.x1.net:
# extended LDIF
#
# LDAPv3
# base o=ipaca with scope subtree
# filter:
((objectclass=nstombstone)(nsUniqueId=---))
# requesting: nscpentrywsi
#
# replica, o\3Dipaca, mapping tree, config
dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
nscpentrywsi: objectClass: top
nscpentrywsi: objectClass: nsDS5Replica
nscpentrywsi: objectClass: extensibleobject
nscpentrywsi: nsDS5ReplicaRoot: o=ipaca
nscpentrywsi: nsDS5ReplicaType: 3
nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager
masterAgreement1-s50026.x1.net-pki-tomcat,ou=csusers,cn=config
nscpentrywsi: nsDS5ReplicaBindDN: cn=replication manager,cn=config
nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager
masterAgreement1-s41651.x2-pki-tomcat,ou=csusers,cn=config
nscpentrywsi: cn: replica
nscpentrywsi: nsDS5ReplicaId: 96
nscpentrywsi: nsDS5Flags: 1
nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca
nscpentrywsi: modifiersName: cn=Multimaster Replication
Plugin,cn=plugins,cn=config
nscpentrywsi: createTimestamp: 20150323102941Z
nscpentrywsi: modifyTimestamp: 20150324090956Z
nscpentrywsi: nsState:: YADcKRFVAgACAA==
nscpentrywsi: nsDS5ReplicaName: 7bed7405-d14711e4-92bcd6f7-18cf6218
nscpentrywsi: numSubordinates: 3
nscpentrywsi: nsds50ruv: {replicageneration} 550feb150060
nscpentrywsi: nsds50ruv: {replica 96 ldap://host25.x1.net:389}
550feb1d0060 551129d70060
nscpentrywsi: nsds50ruv: {replica 1195 ldap://host28.x1.net:389}
550feed904ab 551129d7000804ab
nscpentrywsi: nsds50ruv: {replica 1685 ldap://host68.x1.net:389}
551016e70695 551016e800030695
nscpentrywsi: nsds50ruv: {replica 1690 ldap://host68.x1.net:389}
551012ed069a
Re: [Freeipa-users] What am I missing? ipaca?
Hi,
Wiadomość napisana przez thierry bordaz tbor...@redhat.com w dniu 24 mar
2015, o godz. 10:01:
It seems that this error is logged each time a replication session is
started. At the beginning of the session, the replica that receive the
replication request, tries to update the referral list of the replicated
suffix (replica) according to the metadata sent by the master.
At this step, it fails with these logs.
I would like to check the validity (duplicate ?) of if the referrals
contained in the master metadata. Would it be possible you do the following
command on all your instances:
ldapsearch -h .. -pxxx -D cn=directory manager -w xxx -b o=ipaca
((objectclass=nstombstone)(nsUniqueId=---))
nscpentrywsi
Servers:
dc1:
host25.x1.net:
host26.x1.net:
host27.x1.net:
host28.x1.net:
host68.x1.net:
dc2:
host51.x2:
host52.x2:
host32.x2:
host33.x2:
host18.x2:
connected:
68 28 25 51 33 18
| | ||
| | ||
27 26 52 32
host25.x1.net:
# extended LDIF
#
# LDAPv3
# base o=ipaca with scope subtree
# filter:
((objectclass=nstombstone)(nsUniqueId=---))
# requesting: nscpentrywsi
#
# replica, o\3Dipaca, mapping tree, config
dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
nscpentrywsi: objectClass: top
nscpentrywsi: objectClass: nsDS5Replica
nscpentrywsi: objectClass: extensibleobject
nscpentrywsi: nsDS5ReplicaRoot: o=ipaca
nscpentrywsi: nsDS5ReplicaType: 3
nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager
masterAgreement1-s50026.x1.net-pki-tomcat,ou=csusers,cn=config
nscpentrywsi: nsDS5ReplicaBindDN: cn=replication manager,cn=config
nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager
masterAgreement1-s41651.x2-pki-tomcat,ou=csusers,cn=config
nscpentrywsi: cn: replica
nscpentrywsi: nsDS5ReplicaId: 96
nscpentrywsi: nsDS5Flags: 1
nscpentrywsi: creatorsName: uid=pkidbuser,ou=people,o=ipaca
nscpentrywsi: modifiersName: cn=Multimaster Replication
Plugin,cn=plugins,cn=config
nscpentrywsi: createTimestamp: 20150323102941Z
nscpentrywsi: modifyTimestamp: 20150324090956Z
nscpentrywsi: nsState:: YADcKRFVAgACAA==
nscpentrywsi: nsDS5ReplicaName: 7bed7405-d14711e4-92bcd6f7-18cf6218
nscpentrywsi: numSubordinates: 3
nscpentrywsi: nsds50ruv: {replicageneration} 550feb150060
nscpentrywsi: nsds50ruv: {replica 96 ldap://host25.x1.net:389}
550feb1d0060 551129d70060
nscpentrywsi: nsds50ruv: {replica 1195 ldap://host28.x1.net:389}
550feed904ab 551129d7000804ab
nscpentrywsi: nsds50ruv: {replica 1685 ldap://host68.x1.net:389}
551016e70695 551016e800030695
nscpentrywsi: nsds50ruv: {replica 1690 ldap://host68.x1.net:389}
551012ed069a 551012ee0001069a
nscpentrywsi: nsds50ruv: {replica 1695 ldap://host68.x1.net:389}
55100d8b069f 55100d8c0001069f
nscpentrywsi: nsds50ruv: {replica 91 ldap://host51.x2:389}
550ff144005b 551113bd0003005b
nscpentrywsi: nsds50ruv: {replica 97 ldap://host26.x1.net:389}
550feb270061 5511271100040061
nscpentrywsi: nsds50ruv: {replica 1095 ldap://host27.x1.net:389}
550fecef0447 55111c8b00050447
nscpentrywsi: nsds50ruv: {replica 1295 ldap://host52.x2:389}
550ff348050f 5511138e000b050f
nscpentrywsi: nsds50ruv: {replica 1395 ldap://host32.x2:389}
550ff5ed0573 55110c8500030573
nscpentrywsi: nsds50ruv: {replica 1495 ldap://host33.x2:389}
550ff83705d7 551125b1000105d7
nscpentrywsi: nsds50ruv: {replica 1595 ldap://host18.x2:389}
550ffc6b063b 550ffc6c0001063b
nscpentrywsi: nsds50ruv: {replica 1590 ldap://host18.x2:389}
551a0636 551b00010636
nscpentrywsi: nsds50ruv: {replica 1585 ldap://host18.x2:389}
551003850631 5510038700010631
nscpentrywsi: nsds5agmtmaxcsn:
o=ipaca;masterAgreement1-host26.x1.net-pki-tomcat;host26.x1.net;389;97;551129d70060
nscpentrywsi: nsds5agmtmaxcsn:
o=ipaca;masterAgreement1-host28.x1.net-pki-tomcat;host28.x1.net;389;1195;551129d70060
nscpentrywsi: nsds5agmtmaxcsn:
o=ipaca;cloneAgreement1-host51.x2-pki-tomcat;host51.x2;389;91;551129d70060
nscpentrywsi: nsruvReplicaLastModified: {replica 96
ldap://host25.x1.net:389} 551129d5
nscpentrywsi: nsruvReplicaLastModified: {replica 1195
ldap://host28.x1.net:389} 551129d8
nscpentrywsi: nsruvReplicaLastModified: {replica 1685
ldap://host68.x1.net:389}
nscpentrywsi: nsruvReplicaLastModified: {replica 1690
ldap://host68.x1.net:389}
nscpentrywsi: nsruvReplicaLastModified: {replica 1695
ldap://host68.x1.net:389}
nscpentrywsi: nsruvReplicaLastModified:
Re: [Freeipa-users] What am I missing? ipaca?
On 03/24/2015 03:18 PM, thierry bordaz wrote:
Hello,
Sorry for the late answer.
Those entries are named RUV.
host25.x1.net RUV contains
nscpentrywsi: nsds50ruv: {replicageneration} 550feb150060
nscpentrywsi: nsds50ruv: {replica 96 ldap://host25.x1.net:389}
550feb1d0060 551129d70060
nscpentrywsi: nsds50ruv: {replica 1195 ldap://host28.x1.net:389}
550feed904ab 551129d7000804ab
*nscpentrywsi: nsds50ruv: {replica 1685 ldap://host68.x1.net:389}
551016e70695 551016e800030695
nscpentrywsi: nsds50ruv: {replica 1690 ldap://host68.x1.net:389}
551012ed069a 551012ee0001069a
nscpentrywsi: nsds50ruv: {replica 1695 ldap://host68.x1.net:389}
55100d8b069f 55100d8c0001069f*
nscpentrywsi: nsds50ruv: {replica 91 ldap://host51.x2:389}
550ff144005b 551113bd0003005b
nscpentrywsi: nsds50ruv: {replica 97 ldap://host26.x1.net:389}
550feb270061 5511271100040061
nscpentrywsi: nsds50ruv: {replica 1095 ldap://host27.x1.net:389}
550fecef0447 55111c8b00050447
nscpentrywsi: nsds50ruv: {replica 1295 ldap://host52.x2:389}
550ff348050f 5511138e000b050f
nscpentrywsi: nsds50ruv: {replica 1395 ldap://host32.x2:389}
550ff5ed0573 55110c8500030573
nscpentrywsi: nsds50ruv: {replica 1495 ldap://host33.x2:389}
550ff83705d7 551125b1000105d7
*nscpentrywsi: nsds50ruv: {replica 1595 ldap://host18.x2:389}
550ffc6b063b 550ffc6c0001063b
nscpentrywsi: nsds50ruv: {replica 1590 ldap://host18.x2:389}
551a0636 551b00010636
nscpentrywsi: nsds50ruv: {replica 1585 ldap://host18.x2:389}
551003850631 5510038700010631*
So host68:389 and host18:389 are masters for the same suffix (o=ipaca) but
with
different replica Identifier (1685,1690,1695 and 1585,1590,1595).
Some of those Replica Identifiers are likely old one that need to cleared.
Did you run CLEANRUV ?
thanks
thierry
Right. Maybe you reinstalled IPA replica (several times) without cleaning the
RUV? With
# ipa-replica-manage list-ruv
# ipa-replica-manage clean-ruv
you should be able to clean the old (lower) RUVs and see if the error
disappears. More info in man ipa-replica-manage and on
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-topology.html#cleanruv
Martin
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] What am I missing? ipaca?
On 03/24/2015 09:49 AM, Łukasz Jaworski wrote: Wiadomość napisana przez Martin Kosek mko...@redhat.com w dniu 23 mar 2015, o godz. 12:04: On 03/23/2015 04:07 AM, Janelle wrote: attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. Hm, I do not met this error yet. This looks like error from 389-ds-base, it has functions like attrlist_replace. If this is the case, can you please share a bigger section of the errors log, ideally for the whole day (if not too big)? There might be some other related error messages. CCing Ludwig and Thierry for reference. Also, what environment are we talking about, is this still FreeIPA 4.1.3@CentOS-7? Maybe the server also has a replication agreement also with CentOS-6? We need to know this also. We have the same problem (yesterday we've migrated users to IPA4, 8 server wit --setup-ca), on every server we have many: [24/Mar/2015:09:40:04 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x28.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x51.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x51.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:08 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x51.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x51.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x51.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:14 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x51.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:16 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:16 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:16 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x26.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:17 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x28.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:17 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x28.x:389/o%3Dipaca) failed. [24/Mar/2015:09:40:17 +0100] attrlist_replace - attr_replace (nsslapd-referral, ldap://x28.x:389/o%3Dipaca) failed. Distributor ID: Fedora Description:Fedora release 21 (Twenty One) 389-ds and freeipa: 389-ds-base-1.3.3.8-1.fc21.x86_64 389-ds-base-libs-1.3.3.8-1.fc21.x86_64 freeipa-server-4.1.3-2.fc21.x86_64 Best regards, Ender Hello, It seems that this error is logged each time a replication session is started. At the beginning of the session, the replica that receive the replication request, tries to update the referral list of the replicated suffix (replica) according to the metadata sent by the master. At this step, it fails with these logs. I would like to check the validity (duplicate ?) of if the referrals contained in the master metadata. Would it be possible you do the following command on all your instances: ldapsearch -h.. -pxxx -D cn=directory manager -w xxx -b o=ipaca((objectclass=nstombstone)(nsUniqueId=---)) nscpentrywsi thanks thierry -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] What am I missing? ipaca?
On 3/23/15 4:04 AM, Martin Kosek wrote: On 03/23/2015 04:07 AM, Janelle wrote: Hello Starting to see a lot of these and wondering what I am dealign with? attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. Hm, I do not met this error yet. This looks like error from 389-ds-base, it has functions like attrlist_replace. If this is the case, can you please share a bigger section of the errors log, ideally for the whole day (if not too big)? There might be some other related error messages. CCing Ludwig and Thierry for reference. Also, what environment are we talking about, is this still FreeIPA 4.1.3@CentOS-7? Maybe the server also has a replication agreement also with CentOS-6? We need to know this also. Thanks, Martin FreeIPA 4.1.3, CentOS 7 Only CentOS 7 -- no other versions intermixed. Nothing else to give you. Sadly, it just repeats alot. No other errrors in the log. It has a replication agreement with another master - both CA's One interesting note -- this was the server that had the ipa-replica-install --setup-ca run on it from the other master. And the other master is ipa1 server. This server that has these errors is ipa2. So this is complaining(?) that the original server is doing something? [23/Mar/2015:04:13:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:23:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:23:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:23:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:28:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:28:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:28:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:38:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:38:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:38:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:43:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:43:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:43:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:53:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:53:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:53:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:58:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:58:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:04:58:53 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:00:00 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:00:00 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:00:00 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:05:02 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:05:02 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:05:02 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:08:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:08:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:08:50 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. [23/Mar/2015:05:13:52 -0700] attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed.
Re: [Freeipa-users] What am I missing? ipaca?
On 03/23/2015 04:07 AM, Janelle wrote: Hello Starting to see a lot of these and wondering what I am dealign with? attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. Hm, I do not met this error yet. This looks like error from 389-ds-base, it has functions like attrlist_replace. If this is the case, can you please share a bigger section of the errors log, ideally for the whole day (if not too big)? There might be some other related error messages. CCing Ludwig and Thierry for reference. Also, what environment are we talking about, is this still FreeIPA 4.1.3@CentOS-7? Maybe the server also has a replication agreement also with CentOS-6? We need to know this also. Thanks, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] What am I missing? ipaca?
Hello Starting to see a lot of these and wondering what I am dealign with? attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.example.com:389/o%3Dipaca) failed. ~J -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
