Re: Consumer Initialization Failure

["Wick, Samson" <SWick@xxxxxxxx>]

The number of  “userPassword;vucsn-#####;deleted:” for these three particular users is apparently so high that it makes the object too big to import into a new replica.

 

Is there a way to verify that these are being trimmed like they should?  Does this behavior have something to do with the replica’s “Purge Delay” value?

 

Is there  a way to find date and time from the vucsn number?

 

Is there a way to manually purge these entries, or to shorten the interval between trimmings?

 

Thanks

 

 

 

From: Rich Megginson [mailto:rmeggins@xxxxxxxxxx]
Sent: Tuesday, September 03, 2013 10:15 AM
To: Wick, Samson
Cc: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] Consumer Initialization Failure

 

On 09/03/2013 08:47 AM, Wick, Samson wrote:

It probably doesn’t make a lot of difference but I used:

                rpm -qi 389 and used the metadata to determine the version rather than the name of the rpm.

 

What is the preferred method of determining version number?

rpm -qi 389-ds-base

 

Is there a good place I can go to educate myself on what a “vucsn” actually means, and possibly why I have hundreds of thousands of them for userPassword in my initialization files?

It is replication meta-data which is supposed to be automatically trimmed.

 

Thanks

 

From: Rich Megginson [mailto:rmeggins@xxxxxxxxxx]
Sent: Friday, August 30, 2013 2:43 PM
To: General discussion list for the 389 Directory server project.
Cc: Wick, Samson
Subject: Re: [389-users] Consumer Initialization Failure

 

On 08/30/2013 01:24 PM, Wick, Samson wrote:

Running 389-ds version 1.2.2-1 (according to the rpm)

rpm -q 389-ds-base

version of 389-ds is almost meaningless

 

In attempting to stand up a new consumer in our environment, the process of allowing the supplier to initialize the consumer directly would corrupt the consumer irrevocably.

 

I have ruled out firewalls, SSL issues etc.

 

When attempting to initialize via an ldif, I get errors on three user accounts more or less identical to this:

 

WARNING: skipping entry “uid=<etc…..>” ending line 296901 of file “<path to my ldif file>”

REASON: entry too large (15503712 bytes) for the buffer size (8388608 bytes)

 

When I examine the ldif file that the supplier created, the three user objects it’s complaining about all have +/- 100,000 entries like this:

 

userPassword;vucsn-520b35cb000000010000;deleted: {SSHA256}5WJ9hosO3JO9VLa32nqxmGjn3XoShD1c1g+abekZDCFTX1MM187Bjg==

 

Each line has a different hash.  But most of the other user objects only have a couple of these lines.

 

Clearly 100k+ password changes is a little excessive and it’s something I’ll need to look into, but in the meantime, can anyone help me figure out what has caused all of these to remain in the directory, and what can I do to clean them up?

 

 

 

Thanks,

Samson

 

 

--

389 users mailing list

389-users@xxxxxxxxxxxxxxxxxxxxxxx

https://admin.fedoraproject.org/mailman/listinfo/389-users

 

 

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users