[Freeipa-users] Replica not syncing 'memberOf' attributes

Rich Megginson rmeggins at redhat.com
Fri Oct 8 17:18:51 UTC 2010 

Dan Scott wrote:
> On Fri, Oct 8, 2010 at 11:39, James Roman <james.roman at ssaihq.com> wrote:
>   
>>> So does anyone have any more suggestions? Or should I just configure a
>>> new replica with new hostname and IP?
>>>
>>> Thanks,
>>>
>>> Dan
>>>       
>> I've seen the initial problem where the memberof elements stop updating on
>> my own FreeIPA v1 replica as well. Normally it happens after I perform a
>> full init of the replica. The subsequent errors you are experiencing have
>> not occurred on my system. You have not indicated a synchronization error
>> anywhere, but they tend to get buried in the error logs. I assume you are
>> not short on disk space on the replica. I also assume that the /var has not
>> been mounted as read-only. (I've had a few oddities where disk/storage
>> problems have caused a file-system to be remounted read-only recently)
>>
>> Out of curiosity, if you modify a user on the replica, do the changes get
>> saved to the record? If you add a user to a new group on the replica does
>> the memberof attribute get added to the user's record?
>>     
>
> Hmm, very strange. Adding my user to another group appears to have
> fixed the memberOf attributes for my user on the replica....
>
> Presumably, the fixup-memberof.pl script is supposed to do this -
> strange that it does not appear to work.
>
> I can create a temporary group, add all users to it and then remove
> them again - possibly that would fix the problem?
>
> I'm still a little concerned by log entries such as (on the replica):
>
> NSMMReplicationPlugin - replica_check_for_data_reload: Warning: data
> for replica dc=example,dc=com was reloaded and it no longer matches
> the data in the changelog (replica data > changelog). Recreating the
> changelog file. This could affect replication with replica's consumers
> in which case the consumers should be reinitialized.
>   
You should only see this once.  This is ok for an initial initialization 
or a reinitialization.
> Thanks,
>
> Dan
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>

More information about the Freeipa-users mailing list