On Tue, 2016-02-02 at 17:11 -0600, Derek Belcher wrote:
I recently added a new Muilt-Master and Consumer to my existing LDAP
infrastructure and I am having issues when I go to initialize the new
servers. On the new servers I am getting the following errors:
[02/Feb/2016:15:27:17 -0600] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=alertlogic,dc=net is going
offline;
disabling replication
[02/Feb/2016:15:27:17 -0600] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to
access the
database
[02/Feb/2016:15:27:17 -0600] - import userRoot: WARNING: Skipping
entry
"uid=user1,ou=Users,ou=Place1,ou=Place2,ou=Groups,dc=mydomain,dc=net"
which
has no parent, ending at line 0 of file "(bulk import)"
[02/Feb/2016:15:27:17 -0600] - import userRoot: WARNING: Skipping
entry
"uid=user2,ou=Users,ou=Place1,ou=Place2,ou=Groups,dc=mydomain,dc=net"
which
has no parent, ending at line 0 of file "(bulk import)"
[02/Feb/2016:15:27:17 -0600] - import userRoot: WARNING: bad entry:
ID 29
[02/Feb/2016:15:27:17 -0600] - import userRoot: WARNING: Skipping
entry
"uid=user3,ou=Users,ou=Place1,ou=Place2,ou=Groups,dc=mydomain,dc=net"
which
has no parent, ending at line 0 of file "(bulk import)"
[02/Feb/2016:15:27:17 -0600] - import userRoot: WARNING: bad entry:
ID 30
[02/Feb/2016:15:27:17 -0600] - import userRoot: WARNING: bad entry:
ID 31
I could not find much on these errors and was thinking that I may
need to
re-index my source master LDAP server. I have verified that all of
the OU's
exist on the new servers. When I re-initalize these two new servers
it does
put the bulk of the users into the OU's but is failing on a few users
(as
shown above). I found the following post and have surmised my
strategy from
it:
http://www.spinics.net/linux/fedora/389-users/msg17329.html
I am planning on running the following command on my source server:
# /usr/lib64/dirsrv/slapd-YOURID/db2index -n MYBACKEND -t entryrdn
I would do;
/usr/sbin/db2index -Z YOURID -n MYBACKEND -t entryrdn
The per-instance scripts are "out of favour".
Questions:
1) Is this the right command and am I thinking about this issue in
the
correct manner?
It appears to be the same issues. However, there is no response from
the user that this corrected their problem.
I would advise that you should stop outgoing replication from the
affected master (IE, set nsds5ReplicaEnabled=off on the affected
master.). This should still let you push the re-initialise into the
affected, but mithout the risk of data going back out in the case of an
issue.
2) If this is the corrent command to run, after running it, do I
need
to
break all replications and re-initialize all of my Masters, then
consumers,
then setup all of the replication agreements again? Or do I just run
the
db2index.pl and then let the established replication agreements just
do
their thing?
3) Is there anything else that I should be aware of or do before I
take
this action?
Backup. Always backup before you start anything. Paranoia is a good
thing.
db2ldif -r is probably what you want to use.
All servers are running CentOS 6.xx
# rpm -qa 389*
389-ds-console-1.2.6-1.el6.noarch
389-ds-1.2.2-1.el6.noarch
389-ds-base-libs-1.2.11.15-48.el6_6.x86_64
389-dsgw-1.1.11-1.el6.x86_64
389-admin-console-1.1.8-1.el6.noarch
389-ds-console-doc-1.2.6-1.el6.noarch
389-console-1.1.7-1.el6.noarch
389-admin-1.1.35-1.el6.x86_64
389-admin-console-doc-1.1.8-1.el6.noarch
389-adminutil-1.1.19-1.el6.x86_64
389-ds-base-1.2.11.15-48.el6_6.x86_64
Thank you all for your time and I really appreciate all of your help!
--Derek
--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproj
ect.org
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane