[389-users] Directory Sync rename

Rich Megginson rmeggins at redhat.com
Thu Feb 11 20:25:52 UTC 2010 

James Roman wrote:
> Any help with this. We've got over a weeks worth of replication that
> have been held up by this. At this point I am less interested in fixing
> this one record as I am in getting the rest of the changes synchronized.
>
> Would a full initialization be called for at this point?
>   
Sorry, have not had time to take a look at this.  Please file a bug with 
all relevant information.

Yes, a full init is probably called for at this point . . .
> James Roman wrote:
>   
>> Sorry for forgetting the basics.
>> FC11, ds-base 1.2.5-1, Windows 2003 DC.
>>   
>>     
> Freeipa 1.2.2
>   
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): State: start_backoff -> backoff
>> [08/Feb/2010:13:02:23 -0500] - acquire_replica, supplier RUV:
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: 
>> {replicageneration} 4a6f680c000000030000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica 
>> 3 ldap://MMRmaster.389domain.com:389} 4a6f680c000100030000 
>> 4b70df87000200030000 4b704b80
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica 
>> 8 ldap://MMRReplica.389domain.com:389} 4aaf98a7000000080000 
>> 4b6cc3e4000300080000 4b6c2fdd
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica 
>> 7 ldap://MMRReplica.389domain.com:389} 4aaf926f000000070000 
>> 4aaf9272000000070000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica 
>> 6 ldap://MMRReplica.389domain.com:389} 4aae9e8c000000060000 
>> 4aae9e8f000000060000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica 
>> 5 ldap://MMRReplica.389domain.com:389} 4aae8711000000050000 
>> 4aae8715000000050000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica 
>> 4 ldap://MMRReplica.389domain.com:389} 4aae808f000000040000 
>> 4aae8094000000040000 00000000
>> [08/Feb/2010:13:02:23 -0500] - acquire_replica, consumer RUV:
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: 
>> {replicageneration} 4a6f680c000000030000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica 
>> 3 ldap://MMRmaster.389domain.com:389} 4a6f680c000100030000 
>> 4b67cc3d000100030000 4b673837
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica 
>> 8 ldap://MMRReplica.389domain.com:389} 4aaf98a7000000080000 
>> 4b67be4f000500080000 4b672a49
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica 
>> 7 ldap://MMRReplica.389domain.com:389} 4aaf926f000000070000 
>> 4aaf9272000000070000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica 
>> 6 ldap://MMRReplica.389domain.com:389} 4aae9e8c000000060000 
>> 4aae9e8f000000060000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica 
>> 5 ldap://MMRReplica.389domain.com:389} 4aae8711000000050000 
>> 4aae8715000000050000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica 
>> 4 ldap://MMRReplica.389domain.com:389} 4aae808f000000040000 
>> 4aae8094000000040000 00000000
>> [08/Feb/2010:13:02:23 -0500] - acquire_replica, supplier RUV is newer
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): Cancelling linger on the connection
>> [08/Feb/2010:13:02:23 -0500] - _csngen_adjust_local_time: gen state 
>> before 4b70e5b20001:1265652139:0:37895
>> [08/Feb/2010:13:02:23 -0500] - _csngen_adjust_local_time: gen state 
>> after 4b70e5b60000:1265652143:0:37895
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): State: backoff -> sending_updates
>> [08/Feb/2010:13:02:23 -0500] - csngen_adjust_time: gen state before 
>> 4b70e5b60001:1265652143:0:37895
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - changelog program - 
>> _cl5GetDBFile: found DB object 9034b78 for database 
>> 58b3b7e4-1dd211b2-a840d0c5-afab0000_4a6f680c000000030000.db4
>> [08/Feb/2010:13:02:23 -0500] - _cl5PositionCursorForReplay 
>> (agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636)): Consumer RUV:
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): {replicageneration} 4a6f680c000000030000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): {replica 3 ldap://MMRmaster.389domain.com:389} 
>> 4a6f680c000100030000 4b67cc3d000100030000 4b673837
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): {replica 8 ldap://MMRReplica.389domain.com:389} 
>> 4aaf98a7000000080000 4b67be4f000500080000 4b672a49
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): {replica 7 ldap://MMRReplica.389domain.com:389} 
>> 4aaf926f000000070000 4aaf9272000000070000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): {replica 6 ldap://MMRReplica.389domain.com:389} 
>> 4aae9e8c000000060000 4aae9e8f000000060000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): {replica 5 ldap://MMRReplica.389domain.com:389} 
>> 4aae8711000000050000 4aae8715000000050000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): {replica 4 ldap://MMRReplica.389domain.com:389} 
>> 4aae808f000000040000 4aae8094000000040000 00000000
>> [08/Feb/2010:13:02:23 -0500] - _cl5PositionCursorForReplay 
>> (agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636)): Supplier RUV:
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): {replicageneration} 4a6f680c000000030000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): {replica 3 ldap://MMRmaster.389domain.com:389} 
>> 4a6f680c000100030000 4b70df87000200030000 4b704b80
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): {replica 8 ldap://MMRReplica.389domain.com:389} 
>> 4aaf98a7000000080000 4b6cc3e4000300080000 4b6c2fdd
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): {replica 7 ldap://MMRReplica.389domain.com:389} 
>> 4aaf926f000000070000 4aaf9272000000070000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): {replica 6 ldap://MMRReplica.389domain.com:389} 
>> 4aae9e8c000000060000 4aae9e8f000000060000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): {replica 5 ldap://MMRReplica.389domain.com:389} 
>> 4aae8711000000050000 4aae8715000000050000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): {replica 4 ldap://MMRReplica.389domain.com:389} 
>> 4aae808f000000040000 4aae8094000000040000 00000000
>> [08/Feb/2010:13:02:23 -0500] 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636) - clcache_get_buffer: found thread private buffer 
>> cache 8eeecc0
>> [08/Feb/2010:13:02:23 -0500] 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636) - clcache_get_buffer: _pool is 901ff98 
>> _pool->pl_busy_lists is 95f61c78 _pool->pl_busy_lists->bl_buffers is 8eeecc0
>> [08/Feb/2010:13:02:23 -0500] 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636) - session start: anchorcsn=4b67be4f000500080000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - changelog program - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): CSN 4b67be4f000500080000 found, position set for 
>> replay
>> [08/Feb/2010:13:02:23 -0500] 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636) - load=1 rec=6 csn=4b67cc4f000000030000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): windows_replay_update: Looking at rename 
>> operation local 
>> dn="uid=firstname.lastname,cn=users,cn=accounts,dc=389domain,dc=com" 
>> (ours,user,not group)
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): map_entry_dn_outbound: looking for AD entry for 
>> DS dn="uid=firstname.lastname,cn=users,cn=accounts,dc=389domain,dc=com" 
>> guid="33f6701d2a3e7c438910f79bbae7c68d"
>> [08/Feb/2010:13:02:23 -0500] - Calling windows entry search request plugin
>> [08/Feb/2010:13:02:23 -0500] - windows_search_entry: recieved 2 
>> messages, 1 entries, 0 references
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): map_entry_dn_outbound: return code 0 from search 
>> for AD entry dn="<GUID=33f6701d2a3e7c438910f79bbae7c68d>" or 
>> dn="CN=Firstname Lastname,OU=Site,OU=People,DC=windowsdomain,DC=com"
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): windows_replay_update: Processing rename 
>> operation local 
>> dn="uid=firstname.lastname,cn=users,cn=accounts,dc=389domain,dc=com" 
>> remote dn="<GUID=33f6701d2a3e7c438910f79bbae7c68d>"
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): Received result code 10 (0000202B: RefErr: 
>> DSID-031006E0, data 0, 1 access points       ref 1: '389domain.com' ) 
>> for rename operation
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): Consumer failed to replay change (uniqueid 
>> 7d004901-1dd211b2-8b5dd0c5-afab0000, CSN 4b67cc4f000000030000): Referral 
>> received. Will retry later.
>> [08/Feb/2010:13:02:23 -0500] 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636) - session end: state=0 load=1 sent=1 skipped=5
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): Beginning linger on the connection
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - 
>> agmt="cn=meToDomainController.windowsdomain.com636" 
>> (DomainController:636): State: sending_updates -> start_backoff
>>
>>
>>
>>
>> Rich Megginson wrote:
>>   
>>     
>>> James Roman wrote:
>>>   
>>>     
>>>       
>>>> We have what appears to be a single replication operation holding up all 
>>>> subsequent replication changes. We had a user who was added to our 
>>>> Active Directory with an incorrect name. The record was then synced down 
>>>> to our 389 DS server/FreeIPA. When the problem was discovered, it 
>>>> appears that someone attempted to change the records on both the AD and 
>>>> Directory Server between replication attempts. We are now stuck in a 
>>>> loop, where the Directory Server is trying to send the rename operation 
>>>> to the Active Directory, but it keeps failing due to receiving a 
>>>> referral (presumably because the rename operation has already occurred 
>>>> manually, but not sure).
>>>>     
>>>>       
>>>>         
>>> I don't think so.  AD uses referrals (continuation references) for other 
>>> things.
>>>
>>> First, what platform and what 389 version?  What freeipa version?
>>>
>>> Please post any relevant log or error messages.
>>>   
>>>     
>>>       
>>>> To make things worse, it appears that any 
>>>> subsequent changes are stuck waiting for this transaction to complete.
>>>>
>>>> How can I rectify a referral operation from my AD server. I assume that 
>>>> because I have only one LDAP connection to my AD servers that a referral 
>>>> will never work properly. How can I get around this issue? Is there a 
>>>> way to revoke this one change and have the Directory begin processing 
>>>> subsequent changes?
>>>> --
>>>> 389 users mailing list
>>>> 389-users at lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>>   
>>>>     
>>>>       
>>>>         
>>> --
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>   
>>>     
>>>       
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>   
>>     
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>

More information about the 389-users mailing list