[389-users] Directory Sync rename
James Roman
james.roman at ssaihq.com
Thu Feb 11 17:45:26 UTC 2010
Any help with this. We've got over a weeks worth of replication that
have been held up by this. At this point I am less interested in fixing
this one record as I am in getting the rest of the changes synchronized.
Would a full initialization be called for at this point?
James Roman wrote:
> Sorry for forgetting the basics.
> FC11, ds-base 1.2.5-1, Windows 2003 DC.
>
Freeipa 1.2.2
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): State: start_backoff -> backoff
> [08/Feb/2010:13:02:23 -0500] - acquire_replica, supplier RUV:
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier:
> {replicageneration} 4a6f680c000000030000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica
> 3 ldap://MMRmaster.389domain.com:389} 4a6f680c000100030000
> 4b70df87000200030000 4b704b80
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica
> 8 ldap://MMRReplica.389domain.com:389} 4aaf98a7000000080000
> 4b6cc3e4000300080000 4b6c2fdd
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica
> 7 ldap://MMRReplica.389domain.com:389} 4aaf926f000000070000
> 4aaf9272000000070000 00000000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica
> 6 ldap://MMRReplica.389domain.com:389} 4aae9e8c000000060000
> 4aae9e8f000000060000 00000000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica
> 5 ldap://MMRReplica.389domain.com:389} 4aae8711000000050000
> 4aae8715000000050000 00000000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica
> 4 ldap://MMRReplica.389domain.com:389} 4aae808f000000040000
> 4aae8094000000040000 00000000
> [08/Feb/2010:13:02:23 -0500] - acquire_replica, consumer RUV:
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer:
> {replicageneration} 4a6f680c000000030000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica
> 3 ldap://MMRmaster.389domain.com:389} 4a6f680c000100030000
> 4b67cc3d000100030000 4b673837
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica
> 8 ldap://MMRReplica.389domain.com:389} 4aaf98a7000000080000
> 4b67be4f000500080000 4b672a49
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica
> 7 ldap://MMRReplica.389domain.com:389} 4aaf926f000000070000
> 4aaf9272000000070000 00000000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica
> 6 ldap://MMRReplica.389domain.com:389} 4aae9e8c000000060000
> 4aae9e8f000000060000 00000000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica
> 5 ldap://MMRReplica.389domain.com:389} 4aae8711000000050000
> 4aae8715000000050000 00000000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica
> 4 ldap://MMRReplica.389domain.com:389} 4aae808f000000040000
> 4aae8094000000040000 00000000
> [08/Feb/2010:13:02:23 -0500] - acquire_replica, supplier RUV is newer
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): Cancelling linger on the connection
> [08/Feb/2010:13:02:23 -0500] - _csngen_adjust_local_time: gen state
> before 4b70e5b20001:1265652139:0:37895
> [08/Feb/2010:13:02:23 -0500] - _csngen_adjust_local_time: gen state
> after 4b70e5b60000:1265652143:0:37895
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): State: backoff -> sending_updates
> [08/Feb/2010:13:02:23 -0500] - csngen_adjust_time: gen state before
> 4b70e5b60001:1265652143:0:37895
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - changelog program -
> _cl5GetDBFile: found DB object 9034b78 for database
> 58b3b7e4-1dd211b2-a840d0c5-afab0000_4a6f680c000000030000.db4
> [08/Feb/2010:13:02:23 -0500] - _cl5PositionCursorForReplay
> (agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636)): Consumer RUV:
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): {replicageneration} 4a6f680c000000030000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): {replica 3 ldap://MMRmaster.389domain.com:389}
> 4a6f680c000100030000 4b67cc3d000100030000 4b673837
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): {replica 8 ldap://MMRReplica.389domain.com:389}
> 4aaf98a7000000080000 4b67be4f000500080000 4b672a49
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): {replica 7 ldap://MMRReplica.389domain.com:389}
> 4aaf926f000000070000 4aaf9272000000070000 00000000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): {replica 6 ldap://MMRReplica.389domain.com:389}
> 4aae9e8c000000060000 4aae9e8f000000060000 00000000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): {replica 5 ldap://MMRReplica.389domain.com:389}
> 4aae8711000000050000 4aae8715000000050000 00000000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): {replica 4 ldap://MMRReplica.389domain.com:389}
> 4aae808f000000040000 4aae8094000000040000 00000000
> [08/Feb/2010:13:02:23 -0500] - _cl5PositionCursorForReplay
> (agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636)): Supplier RUV:
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): {replicageneration} 4a6f680c000000030000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): {replica 3 ldap://MMRmaster.389domain.com:389}
> 4a6f680c000100030000 4b70df87000200030000 4b704b80
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): {replica 8 ldap://MMRReplica.389domain.com:389}
> 4aaf98a7000000080000 4b6cc3e4000300080000 4b6c2fdd
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): {replica 7 ldap://MMRReplica.389domain.com:389}
> 4aaf926f000000070000 4aaf9272000000070000 00000000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): {replica 6 ldap://MMRReplica.389domain.com:389}
> 4aae9e8c000000060000 4aae9e8f000000060000 00000000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): {replica 5 ldap://MMRReplica.389domain.com:389}
> 4aae8711000000050000 4aae8715000000050000 00000000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): {replica 4 ldap://MMRReplica.389domain.com:389}
> 4aae808f000000040000 4aae8094000000040000 00000000
> [08/Feb/2010:13:02:23 -0500]
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636) - clcache_get_buffer: found thread private buffer
> cache 8eeecc0
> [08/Feb/2010:13:02:23 -0500]
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636) - clcache_get_buffer: _pool is 901ff98
> _pool->pl_busy_lists is 95f61c78 _pool->pl_busy_lists->bl_buffers is 8eeecc0
> [08/Feb/2010:13:02:23 -0500]
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636) - session start: anchorcsn=4b67be4f000500080000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - changelog program -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): CSN 4b67be4f000500080000 found, position set for
> replay
> [08/Feb/2010:13:02:23 -0500]
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636) - load=1 rec=6 csn=4b67cc4f000000030000
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): windows_replay_update: Looking at rename
> operation local
> dn="uid=firstname.lastname,cn=users,cn=accounts,dc=389domain,dc=com"
> (ours,user,not group)
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): map_entry_dn_outbound: looking for AD entry for
> DS dn="uid=firstname.lastname,cn=users,cn=accounts,dc=389domain,dc=com"
> guid="33f6701d2a3e7c438910f79bbae7c68d"
> [08/Feb/2010:13:02:23 -0500] - Calling windows entry search request plugin
> [08/Feb/2010:13:02:23 -0500] - windows_search_entry: recieved 2
> messages, 1 entries, 0 references
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): map_entry_dn_outbound: return code 0 from search
> for AD entry dn="<GUID=33f6701d2a3e7c438910f79bbae7c68d>" or
> dn="CN=Firstname Lastname,OU=Site,OU=People,DC=windowsdomain,DC=com"
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): windows_replay_update: Processing rename
> operation local
> dn="uid=firstname.lastname,cn=users,cn=accounts,dc=389domain,dc=com"
> remote dn="<GUID=33f6701d2a3e7c438910f79bbae7c68d>"
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): Received result code 10 (0000202B: RefErr:
> DSID-031006E0, data 0, 1 access points ref 1: '389domain.com' )
> for rename operation
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): Consumer failed to replay change (uniqueid
> 7d004901-1dd211b2-8b5dd0c5-afab0000, CSN 4b67cc4f000000030000): Referral
> received. Will retry later.
> [08/Feb/2010:13:02:23 -0500]
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636) - session end: state=0 load=1 sent=1 skipped=5
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): Beginning linger on the connection
> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
> agmt="cn=meToDomainController.windowsdomain.com636"
> (DomainController:636): State: sending_updates -> start_backoff
>
>
>
>
> Rich Megginson wrote:
>
>> James Roman wrote:
>>
>>
>>> We have what appears to be a single replication operation holding up all
>>> subsequent replication changes. We had a user who was added to our
>>> Active Directory with an incorrect name. The record was then synced down
>>> to our 389 DS server/FreeIPA. When the problem was discovered, it
>>> appears that someone attempted to change the records on both the AD and
>>> Directory Server between replication attempts. We are now stuck in a
>>> loop, where the Directory Server is trying to send the rename operation
>>> to the Active Directory, but it keeps failing due to receiving a
>>> referral (presumably because the rename operation has already occurred
>>> manually, but not sure).
>>>
>>>
>> I don't think so. AD uses referrals (continuation references) for other
>> things.
>>
>> First, what platform and what 389 version? What freeipa version?
>>
>> Please post any relevant log or error messages.
>>
>>
>>> To make things worse, it appears that any
>>> subsequent changes are stuck waiting for this transaction to complete.
>>>
>>> How can I rectify a referral operation from my AD server. I assume that
>>> because I have only one LDAP connection to my AD servers that a referral
>>> will never work properly. How can I get around this issue? Is there a
>>> way to revoke this one change and have the Directory begin processing
>>> subsequent changes?
>>> --
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>>>
>>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
More information about the 389-users
mailing list