[Freeipa-users] Replica not syncing 'memberOf' attributes
Dan Scott
danieljamesscott at gmail.com
Fri Oct 8 14:15:38 UTC 2010
On Thu, Oct 7, 2010 at 11:47, Dan Scott <danieljamesscott at gmail.com> wrote:
> On Thu, Oct 7, 2010 at 11:32, James Roman <james.roman at ssaihq.com> wrote:
>> On 10/07/2010 11:20 AM, Rich Megginson wrote:
>>>
>>> 20 is "type or value exists" - I think this means that it is attempting to
>>> set a referral for the master, but there already is one.
>>>>
>>>> Curie contains the same log entry.
>>>>
>>>> But, none of the users contain the memberOf attributes on ohm.
>>>
>>> Does IPA have its own memberOf plugin, or is it using the one from 389?
>>
>> The answer is that it can, depending on the version of 389 that was initally
>> installed.
>>
>> Try running the following to see how many memberof plugins you have and
>> whether they are enabled.
>>
>> [#} ldapsearch -x -D "cn=directory manager" -W -LLL -b
>> "cn=plugins,cn=config" -s one 'cn=*member*' cn nsslapd-pluginEnabled
>> Enter LDAP Password:
>> dn: cn=ipa-memberof,cn=plugins,cn=config
>> cn: ipa-memberof
>> nsslapd-pluginEnabled: on
>>
>> dn: cn=MemberOf Plugin,cn=plugins,cn=config
>> cn: MemberOf Plugin
>> nsslapd-pluginEnabled: off
>
> Looks like I'm using the ipa-memberof plugin:
>
> [root at ohm ~]# ldapsearch -x -D "cn=directory manager" -W -LLL -b
> "cn=plugins,cn=config" -s one 'cn=*member*' cn nsslapd-pluginEnabled
> Enter LDAP Password:
> dn: cn=ipa-memberof,cn=plugins,cn=config
> cn: ipa-memberof
> nsslapd-pluginEnabled: on
>
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> cn: MemberOf Plugin
> nsslapd-pluginEnabled: off
>
> This result is the same for both servers. I ran with the '-h' option
> using each host name.
So does anyone have any more suggestions? Or should I just configure a
new replica with new hostname and IP?
Thanks,
Dan
More information about the Freeipa-users
mailing list