Re: replication question

[Sergei Gerasenko <gerases@xxxxxxxxx>]

Looks like I have a replication conflict but I’m not sure if it’s really the cause of the problem.

ldapsearch -xLLL -o ldif-wrap=no -D cn='directory manager' -w PWD -h ipa102.cnvr.net -b 'dc=CNVR,dc=NET' nsDS5ReplConflict=* dn

cn=System: Read Certmap Configuration+nsuniqueid=0cefb68c-0b9111e8-9447e803-d19ee9c0,cn=permissions,cn=pbac,dc=cnvr,dc=net

cn=ipa201-to-ipa202+nsuniqueid=73b7ef20-2e2211e8-bd0bfbd1-7f1a6887,cn=domain,cn=topology,cn=ipa,cn=etc,dc=XXX,dc=net

Those two hosts don’t exist anymore. I rekicked them and changed their names to ipa204 and ipa203 respectively.

Do I delete that on each host where the conflict is shown or just one?

On Mar 23, 2018, at 8:52 AM, Mark Reynolds <mreynolds@xxxxxxxxxx> wrote:

On 03/23/2018 09:05 AM, JESSE LUNT wrote:

Here is the dse.ldif on 389ds2 (strange that it is in a slapd-389ds1 directory, I thought it was supposed to create a directory named slapd-hostname. Could this server be a clone? )

Perhaps, but you can name an instance anything you want.

I see a problem here:

dn: cn=replica,cn=dc\3Dnorthshore\2Cdc\3Dedu,cn=mapping tree,cn=config

...
...

nsDS5ReplicaBindDN: cn=directory manager


nsDS5ReplicaBindDN needs to be one of the replication managers (you have two) - it should not be the "Directory Manager":

uid=rmanager,cn=config or  uid=RManager2,cn=config


Then on the replication agreement(s) on 389ds1, make sure the agreement bind dn (and credentials) is for one of these replication managers.

Fix this first, and lets see what happens.

Mark

On Thu, Mar 22, 2018 at 4:08 PM, Mark Reynolds <mreynolds@xxxxxxxxxx> wrote:

On 03/22/2018 04:04 PM, JESSE LUNT wrote:

When I access the 389ds2 using an ldap browser, I still do not see the user Root database. However, would I see it if it hasn't finished initializing?

You said you already created the userRoot database on 389ds2, so you are saying you don't see it anymore?

Any chance I could see the dse.ldif from 389ds2?  Perhaps 389ds2 is not properly configured?

Anyway you need to look at the logs next to figure out why the initialization is not occurring.  The access log should show a connection coming from 389ds1, and it binding as your replication manager.  The errors log might also have useful info (on either server).

Mark

Jesse

Sent from my iPhone

On Mar 22, 2018, at 1:30 PM, Mark Reynolds <mreynolds@xxxxxxxxxx> wrote:

How man entries are in the 389ds1?

You need to look at the access/errors logs on 389ds2 to see if 389ds1 is making contact and what is it doing.

It's also possible it finished initializing.  Are there any entries on 389ds2?  If you make an update on 389ds1 does it appear on 389ds2?

On 03/22/2018 12:51 PM, JESSE LUNT wrote:

Hello,

      I am trying to replicate my userRoot database to another 389LDAP server (supplier: 389ds1, consumer: 389ds2). The database on the supplier has not been replicated to any server for more than 2 years. (yikes!!!). 

I have been successful in backing up the database in question, and am now trying to create a replica agreement. I created the root suffix on the consumer side (389ds2) and then created a replication agreement from the admin console. The admin console has been in the state of wait while consumer is initialized. 

<image.png>

Here is the output from the repl-monitor script

Enter password for (:): Master: 389ds1.northshore.edu:389 ldap://389ds1.northshore.edu:389/

Replica ID: 1212

Replica Root: dc=northshore,dc=edu

Max CSN: 5ab3dd8f000004bc0000 (03/22/2018 12:45:03)

Use of uninitialized value in string at /usr/bin/repl-monitor.pl line 814, <> line 1.

Use of uninitialized value in join or string at /usr/bin/repl-monitor.pl line 1151, <> line 1.

Receiver: 389ds2.northshore.edu:389 ldap://389ds2.northshore.edu:389/

Type: consumer

Time Lag: - ?:??:??

Max CSN: none

Use of uninitialized value in concatenation (.) or string at /usr/bin/repl-monitor.pl line 855, <> line 1.

Last Modify Time:

Supplier: 389ds1.northshore.edu:389

Sent/Skipped: 0 / 0

Update Status: 0 Replica acquired successfully: Incremental update started

Update Started: 03/22/2018 12:45:01

Update Ended: 03/22/2018 12:45:01

Schedule: always in sync

SSL: n

Replica ID: 1971

Replica Root: o=netscaperoot

Max CSN: 5ab1364d000407b30000 (03/20/2018 12:26:53 4 0)

Receiver: 389ds2.northshore.edu:389 ldap://389ds2.northshore.edu:389/

Type: consumer

Time Lag: 0:00:00

Max CSN: 5ab1364d000407b30000 (03/20/2018 12:26:53 4 0)

Last Modify Time: 3/20/2018 12:26:52

Supplier: 389ds1.northshore.edu:389

Sent/Skipped: 0 / 0

Update Status: 0 Replica acquired successfully: Incremental update succeeded

Update Started: 03/20/2018 13:58:15

Update Ended: 03/20/2018 13:58:15

Schedule: always in sync

SSL: n

My question is... is this hung or is the replication initialization going to take days because of how long it has been since it has replicated the database?

--

Thanks,

Jesse

_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org

--

Jesse Lunt

Director of Network and User Services

Office of Information Services

North Shore Community College

(978)-762-4014

_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx

_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx