Re: Failed to send extended operation: LDAP error -1 (Can't contact LDAP server)

[Rich Megginson <rmeggins@xxxxxxxxxx>]

On 05/05/2014 10:49 AM, Graham Leggett wrote:
> On 05 May 2014, at 6:24 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
>
> > I think the problem is this:
> >
> > [05/May/2014:17:34:41 +0200] - import userRoot: WARNING: Skipping entry "nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,o=Foo,c=ZA" which has no parent, ending at line 18 of file "/tmp/replica.ldif"
> >
> > Does the consumer have a suffix o=Foo,c=ZA, with its own database, and with its own cn=replica entry?
> It does, yes.
>
> The first two entries seem to be in the wrong order, the second line creates the root, while the first line takes it for granted that the root is already there:

Ok.  This looks like a problem with indexing on the master.
https://bugzilla.redhat.com/show_bug.cgi?id=1062164
The solution for that customer was to reindex the nsuniqueid index using 
db2index[.pl]

> version: 1
>
> # entry-id: 1
> dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,o=Foo,c=ZA
> objectClass: top
> objectClass: nsTombstone
> objectClass: extensibleobject
> nsUniqueId: ffffffff-ffffffff-ffffffff-ffffffff
> nsds50ruv: {replicageneration} 536731fb000000010000
> nsds50ruv: {replica 1 ldap://servera.example.com:389} 53673232000000010000 5367b
>   a58000800010000
> nsds50ruv: {replica 5 ldap://serverb.example.com:389}
> nsds50ruv: {replica 3 ldap://serverc.example.com:389}
> o: wired
> nsruvReplicaLastModified: {replica 1 ldap://servera.example.com:389} 00000000
> nsruvReplicaLastModified: {replica 5 ldap://serverb.example.com:389} 00000000
> nsruvReplicaLastModified: {replica 3 ldap://serverc.example.com:389} 00000000
>
> # entry-id: 2
> dn: o=Foo,c=ZA
> modifyTimestamp;adcsn-5367ba58000000010000;vucsn-5367ba58000000010000: 2014050
>   5081952Z
> modifiersName;adcsn-5367ba58000000010000;vucsn-5367ba58000000010000: cn=direct
>   ory manager
> aci;adcsn-5367ba58000000010000;vucsn-5367ba58000000010000: (targetattr="*")(ve
>   rsion 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ld
>   ap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=N
>   etscapeRoot";)
> aci;vucsn-5367ba58000000010000: (targetattr="*")(version 3.0; acl "Configurati
>   on Administrator"; allow (all) userdn="ldap:///uid=admin,ou=Administrators,
>   ou=TopologyManagement, o=NetscapeRoot";)
> aci;vucsn-5367ba58000000010000: (targetattr = "*")(version 3.0; acl "SIE Group
>   "; allow (all) groupdn = "ldap:///cn=slapd-servera, cn=CentOs Directory Ser
>   ver, cn=Server Group, cn=servera.example.com, ou=example.com, o=NetscapeRoot";)
> objectClass;vucsn-53673232000000010000: top
> objectClass;vucsn-53673232000000010000: organization
> o;vucsn-53673232000000010000;mdcsn-53673232000000010000: Wired
> creatorsName;vucsn-53673232000000010000: cn=directory manager
> createTimestamp;vucsn-53673232000000010000: 20140504223858Z
> nsUniqueId: c0abd788-d3dc11e3-a8fe9749-4cbd5e1c
>
> Regards,
> Graham
> --
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users