We have what appears to be a single replication operation holding up all subsequent replication changes. We had a user who was added to our Active Directory with an incorrect name. The record was then synced down to our 389 DS server/FreeIPA. When the problem was discovered, it appears that someone attempted to change the records on both the AD and Directory Server between replication attempts. We are now stuck in a loop, where the Directory Server is trying to send the rename operation to the Active Directory, but it keeps failing due to receiving a referral (presumably because the rename operation has already occurred manually, but not sure). To make things worse, it appears that any subsequent changes are stuck waiting for this transaction to complete. How can I rectify a referral operation from my AD server. I assume that because I have only one LDAP connection to my AD servers that a referral will never work properly. How can I get around this issue? Is there a way to revoke this one change and have the Directory begin processing subsequent changes?
