James Roman wrote:
We have what appears to be a single replication operation holding up
all
subsequent replication changes. We had a user who was added to our
Active Directory with an incorrect name. The record was then synced down
to our 389 DS server/FreeIPA. When the problem was discovered, it
appears that someone attempted to change the records on both the AD and
Directory Server between replication attempts. We are now stuck in a
loop, where the Directory Server is trying to send the rename operation
to the Active Directory, but it keeps failing due to receiving a
referral (presumably because the rename operation has already occurred
manually, but not sure).
I don't think so. AD uses referrals (continuation
references) for other
things.
First, what platform and what 389 version? What freeipa version?
Please post any relevant log or error messages.
To make things worse, it appears that any
subsequent changes are stuck waiting for this transaction to complete.
How can I rectify a referral operation from my AD server. I assume that
because I have only one LDAP connection to my AD servers that a referral
will never work properly. How can I get around this issue? Is there a
way to revoke this one change and have the Directory begin processing
subsequent changes?
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users