
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#ffffff" text="#000000">

    On 03/09/2011 10:11 AM, Stephen Agar wrote:

    <blockquote

      cite="mid:AANLkTik1zK18nhfQk6JW14nixRFzG-Mr8aZwc2zg_Ecm@mail.gmail.com"

      type="cite">I've seen multiple different types of changes in there

      flagged as this issue.&nbsp; <br>

      - Some was a custom "directory string" attribute, being change

      from value notActivated to activated<br>

    </blockquote>

    I suppose this might be a problem if the schema were somehow

    different between the two servers, which could happen if you added

    the schema via a file and not via LDAP.<br>

    <blockquote

      cite="mid:AANLkTik1zK18nhfQk6JW14nixRFzG-Mr8aZwc2zg_Ecm@mail.gmail.com"

      type="cite">- Some password account lockout attributes, resettime,

      etc.<br>

    </blockquote>

    See

<a class="moz-txt-link-freetext" href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Managing_Replication-Replicating-Password-Attributes">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Managing_Replication-Replicating-Password-Attributes</a><br>

    <blockquote

      cite="mid:AANLkTik1zK18nhfQk6JW14nixRFzG-Mr8aZwc2zg_Ecm@mail.gmail.com"

      type="cite">

      - Most are modifications to the "memberof" attribute, which is set

      by the member plugin<br>

    </blockquote>

    memberof should not be replicated - see

    <a class="moz-txt-link-freetext" href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#groups-cmd-memberof">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#groups-cmd-memberof</a>

    <br>

    there is an Important Note on that page about replicating memberof<br>

    <blockquote

      cite="mid:AANLkTik1zK18nhfQk6JW14nixRFzG-Mr8aZwc2zg_Ecm@mail.gmail.com"

      type="cite">- Some are password changes<br>

    </blockquote>

    I suppose this could be possible if the password policy is different

    on the supplier and the consumer<br>

    <blockquote

      cite="mid:AANLkTik1zK18nhfQk6JW14nixRFzG-Mr8aZwc2zg_Ecm@mail.gmail.com"

      type="cite"><br>

      In all cases that i've checked, the data seems to be correct and

      consistent across all 4 nodes.<br>

      <br>

      Thanks for any insight.<br>

      <br>

      --stephen<br>

      <br>

      <br>

      <div class="gmail_quote">On Tue, Mar 8, 2011 at 3:21 PM, Rich

        Megginson <span dir="ltr">&lt;<a moz-do-not-send="true"

            href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>&gt;</span>

        wrote:<br>

        <blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt

          0.8ex; border-left: 1px solid rgb(204, 204, 204);

          padding-left: 1ex;">

          <div bgcolor="#ffffff" text="#000000">

            <div class="im"> On 03/08/2011 11:17 AM, Stephen Agar wrote:

              <blockquote type="cite">I have a 4 server multi master

                replication setup going on.&nbsp; We get a lot of errors like

                this:<br>

                <br>

                &nbsp;NSMMReplicationPlugin - agmt="cn="Replication to

                server"" (server:636): Consumer failed to replay change

                (uniqueid 2365a885-b85511df-ad54b6ca-51ecbecb, CSN

                4d6ceae5000700010000): DSA is unwilling to perform. Will

                retry later.<br>

                <br>

                I've used cl-dump on all four nodes to dump the logs and

                track these down.&nbsp; However, all of the "offending"

                changes that say they weren't made do indeed seem to be

                applied on all 4 nodes.</blockquote>

            </div>

            What are these changes?&nbsp; What operations, attributes,

            values, etc.<br>

            <blockquote type="cite">

              <div class="im">Is there a command I can use to remove

                specific entries from the changelog?&nbsp; In the past, i've

                just re-initialized nodes to get rid of these, but

                that's certainly not the preferred way to do this.<br>

                <br>

                Thanks,<br>

                Stephen<br>

              </div>

              <pre><fieldset></fieldset>

--

389 users mailing list

<a moz-do-not-send="true" href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a>

<a moz-do-not-send="true" href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>

            </blockquote>

            <br>

          </div>

        </blockquote>

      </div>

      <br>

    </blockquote>

    <br>

  </body>

</html>