[Freeipa-users] Replica not syncing 'memberOf' attributes
Simo Sorce
ssorce at redhat.com
Wed Oct 6 15:32:14 UTC 2010
On Wed, 6 Oct 2010 10:26:48 -0400
Dan Scott <danieljamesscott at gmail.com> wrote:
> Hi,
>
> I have master and slave FreeIPA servers. I recently upgraded the slave
> by wiping, re-installing Fedora 13 and re-creating the replication
> using ipa-replica-prepare and ipa-replica-install.
>
> For some reason, the slave is having difficulty replicating the
> memberOf attribute. I can attach an LDAP viewer to the replica, and
> view the schema, but the memberOf attributes are missing. Also, the
> master server contains the lines:
>
> - Entry "cn=admins,cn=groups,cn=accounts,dc=example,dc=com" --
> attribute "memberOf" not allowed
> NSMMReplicationPlugin - repl_set_mtn_referrals: could not set
> referrals for replica dc=example,dc=com: 20
> NSMMReplicationPlugin - replica_reload_ruv: Warning: new data for
> replica dc=example,dc=com does not match the data in the changelog.
> Recreating the changelog file. This could affect replication with
> replica's consumers in which case the consumers should be
> reinitialized.
> [06/Oct/2010:09:58:33 -0400] - skipping cos definition cn=account
> inactivation,cn=accounts,dc=example,dc=com--no templates found
>
> The rest of the replication appears to be working correctly (as far as
> I can tell).
>
> I have tried using ipa-replica-manage init and synch to try to fix the
> replication, but I suspect this has something to do with the schema
> definition.
>
> Does anyone have any pointers/ideas for how I can fix this?
Dan, the memberof attribute is explicitly not replicated, and should be
simply re-generated on the receiving replica when "member" attributes
are replicated.
Are the IPA versions on the master and the replica the same ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list