On 05/20/2011 05:18 AM, Jim Tyrrell wrote:
Hi,
We have a setup with multiple masters which are replicating down to 389
Directory Server consumers via 2 hubs, but have a consistency issue.
It appears a few objects were deleted and re-added to the masters but
the object was not deleted from the 389 consumers. We now have 1
object on the masters and 2 objects on the consumers which causes
problems for the mail servers. If we delete the object from the master
we are still left with one object on the slaves. The slaves currently
have a few duplicate objects like this:
dn: cn=mx::10, cn=somedomain.co.uk, ou=dns,
o=acmesystems.com
cn: mx::10
mailtransport: nexthop:[mailserver.ourdomain.com]
dnspreference: 10
dnstype: MX
dn:
nsuniqueid=7edfa581-1dd211b2-8014f995-55bd0000+cn=mx::10,cn=somedomain.co.uk,
ou=dns,o=acmesystems.com
cn: mx::10
mailtransport: nexthop:[mailserver.ourdomain.com]
dnspreference: 10
dnstype: MX
The object showing nsuniqueid is the valid one that exists on the
master. Is there a way to remove the 2nd object from the consumer
without re-initialising?
not sure, but you could try this
1) make sure no supplier will attempt to send updates - you can do this
by "suspending" replication - how it works is that you first do a search
on the suppliers for the replication agreement for this server
a) ldapsearch -x -D "cn=directory manager" -W -b cn=config
"objectclass=nsds5replicationagreement"
find the one for your consumer, then note the dn:
b) use ldapmodify to change the replication schedule to be "not now":
ldapmodify -x -D "cn=directory manager" -W <<EOF
dn: the dn of the replication agreement
changetype: modify
replace: nsds5replicaupdateschedule
nsds5replicaupdateschedule: 2358-2359 0
EOF
2) shutdown the server you are attempting to fix
3) edit dse.ldif - find the mapping tree entry for the suffix
cn=somedomain.co.uk,
ou=dns,o=acmesystems.com - change nsslapd-state: backend
4) start the server
5) ldapdelete -x -D "cn=directory manager" -W
"nsuniqueid=7edfa581-1dd211b2-8014f995-55bd0000+cn=mx::10,cn=somedomain.co.uk,
ou=dns,o=acmesystems.com"
or any other modify operation you might need to do
6) on the suppliers, "resume" replication
ldapmodify -x -D "cn=directory manager" -W <<EOF
dn: the dn of the replication agreement
changetype: modify
replace: nsds5replicaupdateschedule
nsds5replicaupdateschedule: 0000-2359 0123456
EOF
see also
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-singl...
I have seen this before on a single consumer so we re-initialised
it,
but its a much bigger problem to re-initialise all of the consumers. It
would be ideal if there is a way to manually delete an object direct on
a consumer?
Thanks.
Jim.
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users