Hello all,
I would like to ask you to help me to resolve an issue with fedora Directory server whose purpose is to be synchronized from Windows 2003 R2 Active Directory server.
The Windows server contents a huge amount of LDAP entries into its Active Directory LDAP database - currently they are more than 5 600 000 in number.
The initial initialization of replica was made by importing the big LDIF file, generated by Windows server, into Fedora Directory database.
All initially imported entries have kind of DN like "dn: cn=<something>, ou=<org. unit>, dc=<domain>,dc=<top domain>", where the text between < and > replaces the actual data. Due the huge amount of data, I suppose, the import operations prolonged many days, more than 10 days. After initialization, the replication was successfully started and was working well.
After some time it was detected a newly automatically started initialization and many new LDAP entries, added as a result of replication to Fedora Directory server database were detected too. However these new entries actually were duplicates of already existing LDAP entries into FDS server, but with different kind of DNs: "dn: uid=<something the same as that above>,ou=<org.unit>,dc=<domain>,dc=<top domain>", i.e. with DNs with UID attribute instead of CN attribute. There were other differences between initially imported data and duplicated data was one additional attribute describing object class of entries - into initial data there were
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: ntUser
but, into data of entries that are duplicated there were
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetOrgPerson
objectClass: ntUser
The duplicated entries of kind "dn: uid=...." were deleted and the replication agreement was created again. The log level was increased to debug and the full replica initialization was started through GUI of FDS.
So, this recently started full initialization is still working, already for more then 10 days. It's not a normal behavior, even the data is very huge, I think.
Now the error log od Fedora Directory server is filling constantly with such messages :
[28/Aug/2007:11:36:45 +0100] - slapi_str2entry: flags=0x0, entry="dn: CN=<something>,OU=<org.unit>,DC=<domain>,DC=<top domain>
It seems the process is passing through something like a cycle, because I see the same data is appearing after some time over and over again in the log files, without the initialization to finish.
My questions are:
1) Why have the duplicated entries with other kind of DNs spring up? These duplicated entries continue to appear again, but they are not desired. I need to know how to clear duplicates in order to such additions to be avoided.
2) Why the full replica initialization fall into such a cyclic recurrence and do not finish its work.
Best regards,
Kalin Krustev