[Freeipa-users] 389-DS crashed
Rich Megginson
rmeggins at redhat.com
Thu Jun 23 15:06:33 UTC 2011
On 06/23/2011 08:02 AM, Attila Bogár wrote:
> Hi,
>
> I deleted more than 50 users from AD and expected IPA to do the same.
> However the EXAMPLE-COM 389-ds instance just crashed and I can't start
> it anymore.
>
> Could you please help with this issue?
>
> The error logging is set to REPL|PLUGIN.
> I can see the following in error log:
>
> tail /var/log/dirsrv/slapd-EXAMPLE-COM/errors
>
> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin -
> agmt="cn=meTodc1.win.example.com" (dc1:389): map_entry_dn_outbound:
> looking for AD entry for DS
> dn="uid=mtf,cn=users,cn=accounts,dc=example,dc=com"
> guid="cc62cd9765c139458d9a21fdddf50eae"
> [23/Jun/2011:14:55:51 +0100] - Calling windows entry search request
> plugin
> [23/Jun/2011:14:55:51 +0100] ipa-winsync - -->
> ipa_winsync_pre_ad_search_cb -- begin
> [23/Jun/2011:14:55:51 +0100] ipa-winsync - <--
> ipa_winsync_pre_ad_search_cb -- end
> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin - Could not
> retrieve entry from Windows using search base
> [<GUID=cc62cd9765c139458d9a21fdddf50eae>] scope [0] filter
> [(objectclass=*)]: error 32:No such object
> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin -
> agmt="cn=meTodc1.win.example.com" (dc1:389): map_entry_dn_outbound:
> return code -1 from search for AD entry
> dn="<GUID=cc62cd9765c139458d9a21fdddf50eae>" or dn="(null)"
> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin -
> agmt="cn=meTodc1.win.example.com" (dc1:389): map_entry_dn_outbound:
> entry not found - rc -1
> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin -
> agmt="cn=meTodc1.win.example.com" (dc1:389): windows_replay_update:
> Processing modify operation local
> dn="uid=mtf,cn=users,cn=accounts,dc=example,dc=com" remote
> dn="<GUID=cc62cd9765c139458d9a21fdddf50eae>"
> [23/Jun/2011:14:55:51 +0100] ipa-winsync - -->
> ipa_winsync_pre_ad_mod_user_mods_cb -- begin
> [23/Jun/2011:14:55:51 +0100] ipa-winsync - <-- ipa_check_account_lock
> - entry [uid=mtf,cn=users,cn=accounts,dc=example,dc=com] has real
> attribute nsAccountLock and entry is locked
Does the user mtf exist in AD?
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list