James Roman wrote: > We have what appears to be a single replication operation holding up all > subsequent replication changes. We had a user who was added to our > Active Directory with an incorrect name. The record was then synced down > to our 389 DS server/FreeIPA. When the problem was discovered, it > appears that someone attempted to change the records on both the AD and > Directory Server between replication attempts. We are now stuck in a > loop, where the Directory Server is trying to send the rename operation > to the Active Directory, but it keeps failing due to receiving a > referral (presumably because the rename operation has already occurred > manually, but not sure). I don't think so. AD uses referrals (continuation references) for other things. First, what platform and what 389 version? What freeipa version? Please post any relevant log or error messages. > To make things worse, it appears that any > subsequent changes are stuck waiting for this transaction to complete. > > How can I rectify a referral operation from my AD server. I assume that > because I have only one LDAP connection to my AD servers that a referral > will never work properly. How can I get around this issue? Is there a > way to revoke this one change and have the Directory begin processing > subsequent changes? > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users > -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
