[Freeipa-users] Replica not syncing 'memberOf' attributes

Rich Megginson rmeggins at redhat.com
Fri Oct 8 19:47:37 UTC 2010 

Dan Scott wrote:
> On Fri, Oct 8, 2010 at 13:18, Rich Megginson <rmeggins at redhat.com> wrote:
>   
>> Dan Scott wrote:
>>     
>>> On Fri, Oct 8, 2010 at 11:39, James Roman <james.roman at ssaihq.com> wrote:
>>>
>>>       
>>>>> So does anyone have any more suggestions? Or should I just configure a
>>>>> new replica with new hostname and IP?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Dan
>>>>>
>>>>>           
>>>> I've seen the initial problem where the memberof elements stop updating
>>>> on
>>>> my own FreeIPA v1 replica as well. Normally it happens after I perform a
>>>> full init of the replica. The subsequent errors you are experiencing have
>>>> not occurred on my system. You have not indicated a synchronization error
>>>> anywhere, but they tend to get buried in the error logs. I assume you are
>>>> not short on disk space on the replica. I also assume that the /var has
>>>> not
>>>> been mounted as read-only. (I've had a few oddities where disk/storage
>>>> problems have caused a file-system to be remounted read-only recently)
>>>>
>>>> Out of curiosity, if you modify a user on the replica, do the changes get
>>>> saved to the record? If you add a user to a new group on the replica does
>>>> the memberof attribute get added to the user's record?
>>>>
>>>>         
>>> Hmm, very strange. Adding my user to another group appears to have
>>> fixed the memberOf attributes for my user on the replica....
>>>
>>> Presumably, the fixup-memberof.pl script is supposed to do this -
>>> strange that it does not appear to work.
>>>
>>> I can create a temporary group, add all users to it and then remove
>>> them again - possibly that would fix the problem?
>>>
>>> I'm still a little concerned by log entries such as (on the replica):
>>>
>>> NSMMReplicationPlugin - replica_check_for_data_reload: Warning: data
>>> for replica dc=example,dc=com was reloaded and it no longer matches
>>> the data in the changelog (replica data > changelog). Recreating the
>>> changelog file. This could affect replication with replica's consumers
>>> in which case the consumers should be reinitialized.
>>>
>>>       
>> You should only see this once.  This is ok for an initial initialization or
>> a reinitialization.
>>     
>
> OK, thanks. I also get the following (on both master and replica) on
> each alteration of LDAP:
>
> NSMMReplicationPlugin - repl_set_mtn_referrals: could not set
> referrals for replica dc=example,dc=com: 20
>
> Is this expected/normal?
>   
It is a bug, but I think it is benign.  It just means it is attempting 
to set a value, but the value is already set.
> Thanks,
>
> Dan
>

More information about the Freeipa-users mailing list