create the .ldif below and add it each supplier agreement using ldapmodify?
dn: cn="Replication to p-ldap-isvr02.example.com",cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
replace: nsds5replicatedattributelist
nsds5replicatedattributelist: (objectclass=*) $ EXCLUDE accountunlocktime passwordretrycount retrycountresettime memberof
Would each consumer need to be re-initialized after making a change like this?
Thanks,
Stephen
On Thu, Mar 10, 2011 at 8:04 AM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
On 03/09/2011 10:34 PM, Stephen Agar wrote:It is now supported in most cases. Please direct me to statements like the above in our docs and I will fix them.In my previous reading it seemed like fractional replication wasn't possible in a multi-master environment. Statements like this from the administrators guide: "Fractional replication can only be done where the consumer is a read-only replica" are what i'm referring to. Am I misunderstanding what fractional replication is?
Thanks
On Wed, Mar 9, 2011 at 11:18 AM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
On 03/09/2011 10:11 AM, Stephen Agar wrote:I suppose this might be a problem if the schema were somehow different between the two servers, which could happen if you added the schema via a file and not via LDAP.I've seen multiple different types of changes in there flagged as this issue.
- Some was a custom "directory string" attribute, being change from value notActivated to activated
See http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Managing_Replication-Replicating-Password-Attributes
- Some password account lockout attributes, resettime, etc.
memberof should not be replicated - see http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#groups-cmd-memberof
- Most are modifications to the "memberof" attribute, which is set by the member plugin
there is an Important Note on that page about replicating memberof
- Some are password changesI suppose this could be possible if the password policy is different on the supplier and the consumer
In all cases that i've checked, the data seems to be correct and consistent across all 4 nodes.
Thanks for any insight.
--stephen
On Tue, Mar 8, 2011 at 3:21 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
On 03/08/2011 11:17 AM, Stephen Agar wrote:What are these changes? What operations, attributes, values, etc.I have a 4 server multi master replication setup going on. We get a lot of errors like this:
NSMMReplicationPlugin - agmt="cn="Replication to server"" (server:636): Consumer failed to replay change (uniqueid 2365a885-b85511df-ad54b6ca-51ecbecb, CSN 4d6ceae5000700010000): DSA is unwilling to perform. Will retry later.
I've used cl-dump on all four nodes to dump the logs and track these down. However, all of the "offending" changes that say they weren't made do indeed seem to be applied on all 4 nodes.
Is there a command I can use to remove specific entries from the changelog? In the past, i've just re-initialized nodes to get rid of these, but that's certainly not the preferred way to do this.-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
Thanks,
Stephen
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
