[389-users] Replication error with userPassword

Shilen Patel shilen at duke.edu
Tue Aug 19 14:44:48 UTC 2014 

Hi,

I'm running 1.2.11.30 and having an issue replicating the userPassword attribute.  The problem appears to only occur if I'm adding the attribute (rather than replacing) and when it is not in plaintext.  For example, the following replicates without any issues:

dn: uid=shilen3,ou=people,ou=test,dc=duke,dc=edu
changetype: modify
add: userPassword
userPassword: test

The following is good too:

dn: uid=shilen3,ou=people,ou=test,dc=duke,dc=edu
changetype: modify
replace: userPassword
userPassword: {SSHA}DMK4S6PK6+rKSLNOL1Hl01mVJmgGi5jH

But the following updates successfully on the server that I'm directly hitting, but replication fails.

dn: uid=shilen3,ou=people,ou=test,dc=duke,dc=edu
changetype: modify
add: userPassword
userPassword: {SSHA}DMK4S6PK6+rKSLNOL1Hl01mVJmgGi5jH

In all cases, userPassword had no values in the entry to begin with.  When the error occurs, I receive the following message on the supplier:

[19/Aug/2014:15:26:33 +0100] NSMMReplicationPlugin - agmt="cn=test5to6" (host:636): Consumer failed to replay change (uniqueid 1056b901-27aa11e4-a066d327-58be45f0, CSN 53f35e82000000050000): Protocol error (2). Will retry later.

If I do a cl-dump, I see the following:

changetype: modify
replgen: 53e0f14e000000050000
csn: 53f35e82000000050000
nsuniqueid: 1056b901-27aa11e4-a066d327-58be45f0
dn: uid=shilen3,ou=people,ou=test,dc=duke,dc=edu
change::
add: userPassword
userPassword:: e1NTSEF9RE1LNFM2UEs2K3JLU0xOT0wxSGwwMW1WSm1nR2k1akg=
-
replace: modifiersname
modifiersname: cn=directory manager
-
replace: modifytimestamp
modifytimestamp: 20140819142609Z
-
add: unhashed#user#password
-

Any clues as to what the problem might be?  Also, when a problem like this occurs, is there any way to fix it without having to re-init the suffix on all the consumers?

Thanks!

-- Shilen

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20140819/8c4d4813/attachment.html>

More information about the 389-users mailing list