[Freeipa-users] 389-DS crashed

Rich Megginson rmeggins at redhat.com
Thu Jun 23 15:06:33 UTC 2011 

On 06/23/2011 08:02 AM, Attila Bogár wrote:
> Hi,
>
> I deleted more than 50 users from AD and expected IPA to do the same.
> However the EXAMPLE-COM 389-ds instance just crashed and I can't start 
> it anymore.
>
> Could you please help with this issue?
>
> The error logging is set to REPL|PLUGIN.
> I can see the following in error log:
>
> tail /var/log/dirsrv/slapd-EXAMPLE-COM/errors
>
> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin - 
> agmt="cn=meTodc1.win.example.com" (dc1:389): map_entry_dn_outbound: 
> looking for AD entry for DS 
> dn="uid=mtf,cn=users,cn=accounts,dc=example,dc=com" 
> guid="cc62cd9765c139458d9a21fdddf50eae"
> [23/Jun/2011:14:55:51 +0100] - Calling windows entry search request 
> plugin
> [23/Jun/2011:14:55:51 +0100] ipa-winsync - --> 
> ipa_winsync_pre_ad_search_cb -- begin
> [23/Jun/2011:14:55:51 +0100] ipa-winsync - <-- 
> ipa_winsync_pre_ad_search_cb -- end
> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin - Could not 
> retrieve entry from Windows using search base 
> [<GUID=cc62cd9765c139458d9a21fdddf50eae>] scope [0] filter 
> [(objectclass=*)]: error 32:No such object
> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin - 
> agmt="cn=meTodc1.win.example.com" (dc1:389): map_entry_dn_outbound: 
> return code -1 from search for AD entry 
> dn="<GUID=cc62cd9765c139458d9a21fdddf50eae>" or dn="(null)"
> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin - 
> agmt="cn=meTodc1.win.example.com" (dc1:389): map_entry_dn_outbound: 
> entry not found - rc -1
> [23/Jun/2011:14:55:51 +0100] NSMMReplicationPlugin - 
> agmt="cn=meTodc1.win.example.com" (dc1:389): windows_replay_update: 
> Processing modify operation local 
> dn="uid=mtf,cn=users,cn=accounts,dc=example,dc=com" remote 
> dn="<GUID=cc62cd9765c139458d9a21fdddf50eae>"
> [23/Jun/2011:14:55:51 +0100] ipa-winsync - --> 
> ipa_winsync_pre_ad_mod_user_mods_cb -- begin
> [23/Jun/2011:14:55:51 +0100] ipa-winsync - <-- ipa_check_account_lock 
> - entry [uid=mtf,cn=users,cn=accounts,dc=example,dc=com] has real 
> attribute nsAccountLock and entry is locked
Does the user mtf exist in AD?
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list