James Roman wrote:
> Any help with this. We've got over a weeks worth of replication that
> have been held up by this. At this point I am less interested in fixing
> this one record as I am in getting the rest of the changes synchronized.
>
> Would a full initialization be called for at this point?
>
Sorry, have not had time to take a look at this. Please file a bug with
all relevant information.
Yes, a full init is probably called for at this point . . .
> James Roman wrote:
>
>> Sorry for forgetting the basics.
>> FC11, ds-base 1.2.5-1, Windows 2003 DC.
>>
>>
> Freeipa 1.2.2
>
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): State: start_backoff -> backoff
>> [08/Feb/2010:13:02:23 -0500] - acquire_replica, supplier RUV:
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier:
>> {replicageneration} 4a6f680c000000030000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica
>> 3 ldap://MMRmaster.389domain.com:389} 4a6f680c000100030000
>> 4b70df87000200030000 4b704b80
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica
>> 8 ldap://MMRReplica.389domain.com:389} 4aaf98a7000000080000
>> 4b6cc3e4000300080000 4b6c2fdd
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica
>> 7 ldap://MMRReplica.389domain.com:389} 4aaf926f000000070000
>> 4aaf9272000000070000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica
>> 6 ldap://MMRReplica.389domain.com:389} 4aae9e8c000000060000
>> 4aae9e8f000000060000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica
>> 5 ldap://MMRReplica.389domain.com:389} 4aae8711000000050000
>> 4aae8715000000050000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - supplier: {replica
>> 4 ldap://MMRReplica.389domain.com:389} 4aae808f000000040000
>> 4aae8094000000040000 00000000
>> [08/Feb/2010:13:02:23 -0500] - acquire_replica, consumer RUV:
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer:
>> {replicageneration} 4a6f680c000000030000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica
>> 3 ldap://MMRmaster.389domain.com:389} 4a6f680c000100030000
>> 4b67cc3d000100030000 4b673837
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica
>> 8 ldap://MMRReplica.389domain.com:389} 4aaf98a7000000080000
>> 4b67be4f000500080000 4b672a49
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica
>> 7 ldap://MMRReplica.389domain.com:389} 4aaf926f000000070000
>> 4aaf9272000000070000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica
>> 6 ldap://MMRReplica.389domain.com:389} 4aae9e8c000000060000
>> 4aae9e8f000000060000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica
>> 5 ldap://MMRReplica.389domain.com:389} 4aae8711000000050000
>> 4aae8715000000050000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - consumer: {replica
>> 4 ldap://MMRReplica.389domain.com:389} 4aae808f000000040000
>> 4aae8094000000040000 00000000
>> [08/Feb/2010:13:02:23 -0500] - acquire_replica, supplier RUV is newer
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): Cancelling linger on the connection
>> [08/Feb/2010:13:02:23 -0500] - _csngen_adjust_local_time: gen state
>> before 4b70e5b20001:1265652139:0:37895
>> [08/Feb/2010:13:02:23 -0500] - _csngen_adjust_local_time: gen state
>> after 4b70e5b60000:1265652143:0:37895
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): State: backoff -> sending_updates
>> [08/Feb/2010:13:02:23 -0500] - csngen_adjust_time: gen state before
>> 4b70e5b60001:1265652143:0:37895
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - changelog program -
>> _cl5GetDBFile: found DB object 9034b78 for database
>> 58b3b7e4-1dd211b2-a840d0c5-afab0000_4a6f680c000000030000.db4
>> [08/Feb/2010:13:02:23 -0500] - _cl5PositionCursorForReplay
>> (agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636)): Consumer RUV:
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): {replicageneration} 4a6f680c000000030000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): {replica 3 ldap://MMRmaster.389domain.com:389}
>> 4a6f680c000100030000 4b67cc3d000100030000 4b673837
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): {replica 8 ldap://MMRReplica.389domain.com:389}
>> 4aaf98a7000000080000 4b67be4f000500080000 4b672a49
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): {replica 7 ldap://MMRReplica.389domain.com:389}
>> 4aaf926f000000070000 4aaf9272000000070000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): {replica 6 ldap://MMRReplica.389domain.com:389}
>> 4aae9e8c000000060000 4aae9e8f000000060000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): {replica 5 ldap://MMRReplica.389domain.com:389}
>> 4aae8711000000050000 4aae8715000000050000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): {replica 4 ldap://MMRReplica.389domain.com:389}
>> 4aae808f000000040000 4aae8094000000040000 00000000
>> [08/Feb/2010:13:02:23 -0500] - _cl5PositionCursorForReplay
>> (agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636)): Supplier RUV:
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): {replicageneration} 4a6f680c000000030000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): {replica 3 ldap://MMRmaster.389domain.com:389}
>> 4a6f680c000100030000 4b70df87000200030000 4b704b80
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): {replica 8 ldap://MMRReplica.389domain.com:389}
>> 4aaf98a7000000080000 4b6cc3e4000300080000 4b6c2fdd
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): {replica 7 ldap://MMRReplica.389domain.com:389}
>> 4aaf926f000000070000 4aaf9272000000070000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): {replica 6 ldap://MMRReplica.389domain.com:389}
>> 4aae9e8c000000060000 4aae9e8f000000060000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): {replica 5 ldap://MMRReplica.389domain.com:389}
>> 4aae8711000000050000 4aae8715000000050000 00000000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): {replica 4 ldap://MMRReplica.389domain.com:389}
>> 4aae808f000000040000 4aae8094000000040000 00000000
>> [08/Feb/2010:13:02:23 -0500]
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636) - clcache_get_buffer: found thread private buffer
>> cache 8eeecc0
>> [08/Feb/2010:13:02:23 -0500]
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636) - clcache_get_buffer: _pool is 901ff98
>> _pool->pl_busy_lists is 95f61c78 _pool->pl_busy_lists->bl_buffers is 8eeecc0
>> [08/Feb/2010:13:02:23 -0500]
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636) - session start: anchorcsn=4b67be4f000500080000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin - changelog program -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): CSN 4b67be4f000500080000 found, position set for
>> replay
>> [08/Feb/2010:13:02:23 -0500]
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636) - load=1 rec=6 csn=4b67cc4f000000030000
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): windows_replay_update: Looking at rename
>> operation local
>> dn="uid=firstname.lastname,cn=users,cn=accounts,dc=389domain,dc=com"
>> (ours,user,not group)
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): map_entry_dn_outbound: looking for AD entry for
>> DS dn="uid=firstname.lastname,cn=users,cn=accounts,dc=389domain,dc=com"
>> guid="33f6701d2a3e7c438910f79bbae7c68d"
>> [08/Feb/2010:13:02:23 -0500] - Calling windows entry search request plugin
>> [08/Feb/2010:13:02:23 -0500] - windows_search_entry: recieved 2
>> messages, 1 entries, 0 references
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): map_entry_dn_outbound: return code 0 from search
>> for AD entry dn="<GUID=33f6701d2a3e7c438910f79bbae7c68d>" or
>> dn="CN=Firstname Lastname,OU=Site,OU=People,DC=windowsdomain,DC=com"
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): windows_replay_update: Processing rename
>> operation local
>> dn="uid=firstname.lastname,cn=users,cn=accounts,dc=389domain,dc=com"
>> remote dn="<GUID=33f6701d2a3e7c438910f79bbae7c68d>"
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): Received result code 10 (0000202B: RefErr:
>> DSID-031006E0, data 0, 1 access points ref 1: '389domain.com' )
>> for rename operation
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): Consumer failed to replay change (uniqueid
>> 7d004901-1dd211b2-8b5dd0c5-afab0000, CSN 4b67cc4f000000030000): Referral
>> received. Will retry later.
>> [08/Feb/2010:13:02:23 -0500]
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636) - session end: state=0 load=1 sent=1 skipped=5
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): Beginning linger on the connection
>> [08/Feb/2010:13:02:23 -0500] NSMMReplicationPlugin -
>> agmt="cn=meToDomainController.windowsdomain.com636"
>> (DomainController:636): State: sending_updates -> start_backoff
>>
>>
>>
>>
>> Rich Megginson wrote:
>>
>>
>>> James Roman wrote:
>>>
>>>
>>>
>>>> We have what appears to be a single replication operation holding up all
>>>> subsequent replication changes. We had a user who was added to our
>>>> Active Directory with an incorrect name. The record was then synced down
>>>> to our 389 DS server/FreeIPA. When the problem was discovered, it
>>>> appears that someone attempted to change the records on both the AD and
>>>> Directory Server between replication attempts. We are now stuck in a
>>>> loop, where the Directory Server is trying to send the rename operation
>>>> to the Active Directory, but it keeps failing due to receiving a
>>>> referral (presumably because the rename operation has already occurred
>>>> manually, but not sure).
>>>>
>>>>
>>>>
>>> I don't think so. AD uses referrals (continuation references) for other
>>> things.
>>>
>>> First, what platform and what 389 version? What freeipa version?
>>>
>>> Please post any relevant log or error messages.
>>>
>>>
>>>
>>>> To make things worse, it appears that any
>>>> subsequent changes are stuck waiting for this transaction to complete.
>>>>
>>>> How can I rectify a referral operation from my AD server. I assume that
>>>> because I have only one LDAP connection to my AD servers that a referral
>>>> will never work properly. How can I get around this issue? Is there a
>>>> way to revoke this one change and have the Directory begin processing
>>>> subsequent changes?
>>>> --
>>>> 389 users mailing list
>>>> 389-users at lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>>
>>>>
>>>>
>>>>
>>> --
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>>>
>>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
