[Freeipa-users] FreeIPA password sync one direction only (Windows DC -> IPA)
Steve Dainard
sdainard at miovision.com
Tue May 21 21:48:02 UTC 2013
Thanks Rich, appreciate the help.
I've answered inline some of your questions but I think I can answer most
of your questions by showing the entire process I followed (passwords have
been replaced by '...'):
[root at ipa1 ~]# ipa-server-install --setup-dns -p '...' -a '...' -r
MIOVISION.LINUX -n miovision.linux --hostname ipa1.miovision.linux
The log file for this installation can be found in
/var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.
This includes:
* Configure a stand-alone CA (dogtag) for certificate management
* Configure the Network Time Daemon (ntpd)
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
* Configure DNS (bind)
To accept the default shown in brackets, press the Enter key.
Existing BIND configuration detected, overwrite? [no]: yes
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.
Server host name [ipa1.miovision.linux]:
Warning: skipping DNS resolution of host ipa1.miovision.linux
Unable to resolve IP address for host name
Please provide the IP address to be used for this host name: 10.0.6.3
Adding [10.0.6.3 ipa1.miovision.linux] to your /etc/hosts file
Do you want to configure DNS forwarders? [yes]:
Enter the IP address of DNS forwarder to use, or press Enter to finish.
Enter IP address for a DNS forwarder: 10.0.0.2
DNS forwarder 10.0.0.2 added
Enter IP address for a DNS forwarder: 10.0.0.5
DNS forwarder 10.0.0.5 added
Enter IP address for a DNS forwarder:
Do you want to configure the reverse zone? [yes]:
Please specify the reverse zone name [6.0.10.in-addr.arpa.]:
Using reverse zone 6.0.10.in-addr.arpa.
The IPA Master Server will be configured with:
Hostname: ipa1.miovision.linux
IP address: 10.0.6.3
Domain name: miovision.linux
Realm name: MIOVISION.LINUX
BIND DNS server will be configured to serve IPA domain with:
Forwarders: 10.0.0.2, 10.0.0.5
Reverse zone: 6.0.10.in-addr.arpa.
Continue to configure the system with these values? [no]: yes
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server for the CA (pkids): Estimated time 30 seconds
[1/3]: creating directory server user
[2/3]: creating directory server instance
[3/3]: restarting directory server
Done configuring directory server for the CA (pkids).
Configuring certificate server (pki-cad): Estimated time 3 minutes 30
seconds
[1/21]: creating certificate server user
[2/21]: creating pki-ca instance
[3/21]: configuring certificate server instance
[4/21]: disabling nonces
[5/21]: creating CA agent PKCS#12 file in /root
[6/21]: creating RA agent certificate database
[7/21]: importing CA chain to RA certificate database
[8/21]: fixing RA database permissions
[9/21]: setting up signing cert profile
[10/21]: set up CRL publishing
[11/21]: set certificate subject base
[12/21]: enabling Subject Key Identifier
[13/21]: setting audit signing renewal to 2 years
[14/21]: configuring certificate server to start on boot
[15/21]: restarting certificate server
[16/21]: requesting RA certificate from CA
[17/21]: issuing RA agent certificate
[18/21]: adding RA agent as a trusted user
[19/21]: configure certificate renewals
[20/21]: configure Server-Cert certificate renewal
[21/21]: Configure HTTP to proxy connections
Done configuring certificate server (pki-cad).
Configuring directory server (dirsrv): Estimated time 1 minute
[1/38]: creating directory server user
[2/38]: creating directory server instance
[3/38]: adding default schema
[4/38]: enabling memberof plugin
[5/38]: enabling winsync plugin
[6/38]: configuring replication version plugin
[7/38]: enabling IPA enrollment plugin
[8/38]: enabling ldapi
[9/38]: disabling betxn plugins
[10/38]: configuring uniqueness plugin
[11/38]: configuring uuid plugin
[12/38]: configuring modrdn plugin
[13/38]: enabling entryUSN plugin
[14/38]: configuring lockout plugin
[15/38]: creating indices
[16/38]: enabling referential integrity plugin
[17/38]: configuring ssl for ds instance
[18/38]: configuring certmap.conf
[19/38]: configure autobind for root
[20/38]: configure new location for managed entries
[21/38]: restarting directory server
[22/38]: adding default layout
[23/38]: adding delegation layout
[24/38]: adding replication acis
[25/38]: creating container for managed entries
[26/38]: configuring user private groups
[27/38]: configuring netgroups from hostgroups
[28/38]: creating default Sudo bind user
[29/38]: creating default Auto Member layout
[30/38]: adding range check plugin
[31/38]: creating default HBAC rule allow_all
[32/38]: Upload CA cert to the directory
[33/38]: initializing group membership
[34/38]: adding master entry
[35/38]: configuring Posix uid/gid generation
[36/38]: enabling compatibility plugin
[37/38]: tuning directory server
[38/38]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds
[1/10]: adding sasl mappings to the directory
[2/10]: adding kerberos container to the directory
[3/10]: configuring KDC
[4/10]: initialize kerberos container
[5/10]: adding default ACIs
[6/10]: creating a keytab for the directory
[7/10]: creating a keytab for the machine
[8/10]: adding the password extension to the directory
[9/10]: starting the KDC
[10/10]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
[1/2]: starting kadmin
[2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring ipa_memcached
[1/2]: starting ipa_memcached
[2/2]: configuring ipa_memcached to start on boot
Done configuring ipa_memcached.
Configuring the web interface (httpd): Estimated time 1 minute
[1/13]: setting mod_nss port to 443
[2/13]: setting mod_nss password file
[3/13]: enabling mod_nss renegotiate
[4/13]: adding URL rewriting rules
[5/13]: configuring httpd
[6/13]: setting up ssl
[7/13]: setting up browser autoconfig
[8/13]: publish CA cert
[9/13]: creating a keytab for httpd
[10/13]: clean up any existing httpd ccache
[11/13]: configuring SELinux for httpd
[12/13]: restarting httpd
[13/13]: configuring httpd to start on boot
Done configuring the web interface (httpd).
Applying LDAP updates
Restarting the directory server
Restarting the KDC
Configuring DNS (named)
[1/9]: adding DNS container
[2/9]: setting up our zone
[3/9]: setting up reverse zone
[4/9]: setting up our own record
[5/9]: setting up kerberos principal
[6/9]: setting up named.conf
[7/9]: restarting named
[8/9]: configuring named to start on boot
[9/9]: changing resolv.conf to point to ourselves
Done configuring DNS (named).
Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files
Restarting the web server
==============================================================================
Setup complete
...
[root at ipa1 openldap]# ipa-replica-manage connect --winsync --binddn
cn=administrator,cn=users,dc=miovision,dc=corp --bindpw '...' --passsync
'...' --cacert /etc/openldap/cacerts/miovision.ca.cer dc1.miovision.corp -v
Directory Manager password:
Added CA certificate /etc/openldap/cacerts/miovision.ca.cer to certificate
database for ipa1.miovision.linux
ipa: INFO: AD Suffix is: DC=miovision,DC=corp
The user for the Windows PassSync service is
uid=passsync,cn=sysaccounts,cn=etc,dc=miovision,dc=linux
ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica
acquired successfully: Incremental update started: start: 0: end: 0
ipa: INFO: Agreement is ready, starting replication . . .
Starting replication, please wait until this has completed.
Update in progress
Update in progress
Update succeeded
Connected 'ipa1.miovision.linux' to 'dc1.miovision.corp'
[root at ipa1 openldap]# ldapsearch -xLLL -D "cn=directory manager" -W -p 389
-h ipa1.miovision.corp -b cn=config
objectclass=nsdswindowsreplicationagreement dn nsds7WindowsReplicaSubtree
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
[root at ipa1 openldap]# /etc/init.d/dirsrv status
dirsrv MIOVISION-LINUX dead but pid file exists
dirsrv PKI-IPA dead but pid file exists
[root at ipa1 openldap]# /etc/init.d/dirsrv start
Starting dirsrv:
MIOVISION-LINUX.../etc/init.d/dirsrv: line 181: kill: (4785) - No such
process
not running, but pid file exists
MIOVISION-LINUX... attempting to start anyway [ OK ]
PKI-IPA.../etc/init.d/dirsrv: line 181: kill: (4853) - No such process
not running, but pid file exists
PKI-IPA... attempting to start anyway [ OK ]
[root at ipa1 openldap]# /etc/init.d/dirsrv status
dirsrv MIOVISION-LINUX (pid 5252) is running...
dirsrv PKI-IPA (pid 5329) is running...
[root at ipa1 openldap]# ldapsearch -xLLL -D "cn=directory manager" -W -p 389
-h ipa1.miovision.corp -b cn=config
objectclass=nsdswindowsreplicationagreement dn nsds7WindowsReplicaSubtree
Enter LDAP Password:
dn:
cn=meTodc1.miovision.corp,cn=replica,cn=dc\3Dmiovision\2Cdc\3Dlinux,cn=map
ping tree,cn=config
nsds7WindowsReplicaSubtree: cn=Users,DC=miovision,DC=corp
[root at ipa1 openldap]# ldapmodify -x -D "cn=directory manager" -W -p 389 -h
ipa1.miovision.linux <<EOF
> dn:
cn=meTodc1.miovision.corp,cn=replica,cn=dc\3Dmiovision\2Cdc\3Dlinux,cn=mapping
tree,cn=config
> changetype: modify
> replace: nsds7WindowsReplicaSubtree
> nsds7WindowsReplicaSubtree: CN=Shared Login,CN=users,DC=miovision,DC=corp
> EOF
Enter LDAP Password:
modifying entry
"cn=meTodc1.miovision.corp,cn=replica,cn=dc\3Dmiovision\2Cdc\3Dlinux,cn=mapping
tree,cn=config"
[root at ipa1 openldap]# ldapsearch -xLLL -D "cn=directory manager" -W -p 389
-h ipa1.miovision.corp -b cn=config
objectclass=nsdswindowsreplicationagreement dn nsds7WindowsReplicaSubtree
Enter LDAP Password:
dn:
cn=meTodc1.miovision.corp,cn=replica,cn=dc\3Dmiovision\2Cdc\3Dlinux,cn=map
ping tree,cn=config
nsds7WindowsReplicaSubtree: CN=Shared Login,CD=users,DC=miovision,DC=corp
[root at ipa1 openldap]# screen ipa-replica-manage re-initialize --from
dc1.miovision.corp
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
.....
*****************************************************************
[root at ipa1 slapd-MIOVISION-LINUX]# pstack 5252
Thread 43 (Thread 0x7fd38dcc7700 (LWP 5255)):
#0 0x00007fd39a6ff4f3 in select () from /lib64/libc.so.6
#1 0x00007fd39cc05679 in DS_Sleep () from /usr/lib64/dirsrv/libslapd.so.0
#2 0x00007fd3921d8d27 in ?? () from
/usr/lib64/dirsrv/plugins/libback-ldbm.so
#3 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#4 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#5 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 42 (Thread 0x7fd38d2c6700 (LWP 5256)):
#0 0x00007fd39a6ff4f3 in select () from /lib64/libc.so.6
#1 0x00007fd39cc05679 in DS_Sleep () from /usr/lib64/dirsrv/libslapd.so.0
#2 0x00007fd3921d9177 in ?? () from
/usr/lib64/dirsrv/plugins/libback-ldbm.so
#3 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#4 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#5 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 41 (Thread 0x7fd38c8c5700 (LWP 5257)):
#0 0x00007fd39a6ff4f3 in select () from /lib64/libc.so.6
#1 0x00007fd39cc05679 in DS_Sleep () from /usr/lib64/dirsrv/libslapd.so.0
#2 0x00007fd3921d8f87 in ?? () from
/usr/lib64/dirsrv/plugins/libback-ldbm.so
#3 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#4 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#5 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 40 (Thread 0x7fd38bec4700 (LWP 5258)):
#0 0x00007fd39a6ff4f3 in select () from /lib64/libc.so.6
#1 0x00007fd39cc05679 in DS_Sleep () from /usr/lib64/dirsrv/libslapd.so.0
#2 0x00007fd3921d9617 in ?? () from
/usr/lib64/dirsrv/plugins/libback-ldbm.so
#3 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#4 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#5 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 39 (Thread 0x7fd38b4c3700 (LWP 5259)):
#0 0x00007fd39a9bc43c in pthread_cond_wait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00fe7e in PR_WaitCondVar () from /lib64/libnspr4.so
#2 0x00007fd39cbf94eb in slapi_wait_condvar () from
/usr/lib64/dirsrv/libslapd.so.0
#3 0x00007fd393ca0f2e in ?? () from
/usr/lib64/dirsrv/plugins/libcos-plugin.so
#4 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#5 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#6 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 38 (Thread 0x7fd39cfbf700 (LWP 5260)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x00007fd391f47c57 in ?? () from
/usr/lib64/dirsrv/plugins/libreplication-plugin.so
#4 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#5 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#6 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 37 (Thread 0x7fd38aac2700 (LWP 5261)):
#0 0x00007fd39cb99e5c in slapi_sdn_done () from
/usr/lib64/dirsrv/libslapd.so.0
#1 0x00007fd391f841b2 in ?? () from
/usr/lib64/dirsrv/plugins/libreplication-plugin.so
#2 0x00007fd391f843ac in ?? () from
/usr/lib64/dirsrv/plugins/libreplication-plugin.so
#3 0x00007fd391f88395 in windows_dirsync_inc_run () from
/usr/lib64/dirsrv/plugins/libreplication-plugin.so
#4 0x00007fd391f8d63d in ?? () from
/usr/lib64/dirsrv/plugins/libreplication-plugin.so
#5 0x00007fd391f61c2a in ?? () from
/usr/lib64/dirsrv/plugins/libreplication-plugin.so
#6 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#7 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#8 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 36 (Thread 0x7fd38a0c1700 (LWP 5262)):
#0 0x00007fd39a9bc43c in pthread_cond_wait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00fe7e in PR_WaitCondVar () from /lib64/libnspr4.so
#2 0x00007fd39cbf94eb in slapi_wait_condvar () from
/usr/lib64/dirsrv/libslapd.so.0
#3 0x00007fd3908ad1df in ?? () from
/usr/lib64/dirsrv/plugins/libroles-plugin.so
#4 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#5 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#6 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 35 (Thread 0x7fd3896c0700 (LWP 5263)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x000000000041b2b3 in ?? ()
#4 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#5 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#6 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 34 (Thread 0x7fd388cbf700 (LWP 5264)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x00007fd39cbaab87 in ?? () from /usr/lib64/dirsrv/libslapd.so.0
#4 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#5 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#6 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 33 (Thread 0x7fd37bd8e700 (LWP 5265)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 32 (Thread 0x7fd37b38d700 (LWP 5266)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 31 (Thread 0x7fd37a98c700 (LWP 5267)):
#0 0x00007fd39a6fd253 in poll () from /lib64/libc.so.6
#1 0x00007fd39b01189f in ?? () from /lib64/libnspr4.so
#2 0x0000000000412cf1 in ?? ()
#3 0x00000000004137c0 in ?? ()
#4 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#5 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#6 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 30 (Thread 0x7fd379f8b700 (LWP 5268)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 29 (Thread 0x7fd37958a700 (LWP 5269)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 28 (Thread 0x7fd378b89700 (LWP 5270)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 27 (Thread 0x7fd373fff700 (LWP 5271)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 26 (Thread 0x7fd3735fe700 (LWP 5272)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 25 (Thread 0x7fd372bfd700 (LWP 5273)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 24 (Thread 0x7fd3721fc700 (LWP 5274)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 23 (Thread 0x7fd3717fb700 (LWP 5275)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 22 (Thread 0x7fd370dfa700 (LWP 5276)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 21 (Thread 0x7fd3703f9700 (LWP 5277)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 20 (Thread 0x7fd36f9f8700 (LWP 5278)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 19 (Thread 0x7fd36eff7700 (LWP 5279)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 18 (Thread 0x7fd36e5f6700 (LWP 5280)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 17 (Thread 0x7fd36dbf5700 (LWP 5281)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 16 (Thread 0x7fd36d1f4700 (LWP 5282)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 15 (Thread 0x7fd36c7f3700 (LWP 5283)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 14 (Thread 0x7fd36bdf2700 (LWP 5284)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 13 (Thread 0x7fd36b3f1700 (LWP 5285)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 12 (Thread 0x7fd36a9f0700 (LWP 5286)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 11 (Thread 0x7fd369fef700 (LWP 5287)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 10 (Thread 0x7fd3695ee700 (LWP 5288)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 9 (Thread 0x7fd368bed700 (LWP 5289)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 8 (Thread 0x7fd3681ec700 (LWP 5290)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 7 (Thread 0x7fd3677eb700 (LWP 5291)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 6 (Thread 0x7fd366dea700 (LWP 5292)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 5 (Thread 0x7fd3663e9700 (LWP 5293)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 4 (Thread 0x7fd3659e8700 (LWP 5294)):
#0 0x00007fd39a9bc7bb in pthread_cond_timedwait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00f1d9 in ?? () from /lib64/libnspr4.so
#2 0x00007fd39b00fddc in PR_WaitCondVar () from /lib64/libnspr4.so
#3 0x0000000000413316 in ?? ()
#4 0x0000000000413dae in ?? ()
#5 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#6 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#7 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 3 (Thread 0x7fd364fe7700 (LWP 5295)):
#0 0x00007fd39a6ff4f3 in select () from /lib64/libc.so.6
#1 0x00007fd39cc05679 in DS_Sleep () from /usr/lib64/dirsrv/libslapd.so.0
#2 0x0000000000416b05 in ?? ()
#3 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#4 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#5 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 2 (Thread 0x7fd357fff700 (LWP 5296)):
#0 0x00007fd39a9bc43c in pthread_cond_wait@@GLIBC_2.3.2 () from
/lib64/libpthread.so.0
#1 0x00007fd39b00fe7e in PR_WaitCondVar () from /lib64/libnspr4.so
#2 0x0000000000421cb5 in ?? ()
#3 0x00007fd39b015a73 in ?? () from /lib64/libnspr4.so
#4 0x00007fd39a9b8851 in start_thread () from /lib64/libpthread.so.0
#5 0x00007fd39a70690d in clone () from /lib64/libc.so.6
Thread 1 (Thread 0x7fd39d05d7c0 (LWP 5252)):
#0 0x00007fd39a6fd253 in poll () from /lib64/libc.so.6
#1 0x00007fd39b01189f in ?? () from /lib64/libnspr4.so
#2 0x0000000000417ea7 in ?? ()
#3 0x000000000041f16f in ?? ()
#4 0x00007fd39a63ccdd in __libc_start_main () from /lib64/libc.so.6
#5 0x000000000040d159 in ?? ()
#6 0x00007fff63e04c98 in ?? ()
#7 0x000000000000001c in ?? ()
#8 0x0000000000000007 in ?? ()
#9 0x00007fff63e06629 in ?? ()
#10 0x00007fff63e0663c in ?? ()
#11 0x00007fff63e0663f in ?? ()
#12 0x00007fff63e06661 in ?? ()
#13 0x00007fff63e06664 in ?? ()
#14 0x00007fff63e0668e in ?? ()
#15 0x00007fff63e06691 in ?? ()
#16 0x0000000000000000 in ?? ()
Steve Dainard
Infrastructure Manager
Miovision Technologies Inc.
On Tue, May 21, 2013 at 3:22 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> On 05/21/2013 11:58 AM, Steve Dainard wrote:
>
> So over the weekend, with some serious tinkering I managed to brick that
> install beyond recovery.
>
> I've reinstalled, setup freeipa as a standalone CA with dns, and did the
> initial winsync agreement.
>
> After the initial agreement was synced I modified the nsds7WindowsReplicaSubtree
> entry
>
>
> How? ldapmodify?
>
Yes, see above process for syntax used.
>
>
> to reflect the AD group I want users sync'd from: CN=Shared Login,
> CN=Users,DC=miovision,DC=corp.
>
>
> Why didn't you just specify "CN=Shared Login,
> CN=Users,DC=miovision,DC=corp" initially with ipa-replica-manage
> --win-subtree?
>
>
> Note when attempting to do an initial ldapsearch I got a 'can't connect
> to LDAP server' message,
>
>
> Can you provide the exact ldapsearch command line you tried?
>
Yes, see above process for syntax used.
>
>
> and had to manually start dirsrv... this is probably already a bad sign.
>
>
> Was dirsrv running after you modified the nsds7WindowsReplicaSubtree entry?
> Did dirsrv crash? Do see any "Detected Disorderly Shutdown" messages in
> your errors logs?
>
>
>
Dirsrv seems to have stopped right after winsync agreement was formed. In
logs I don't see anything resembling a crash, but I do see shutdown
notifications. Full log:
[21/May/2013:12:19:12 -0400] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to access the
database
[21/May/2013:12:19:12 -0400] - check_and_set_import_cache: pagesize: 4096,
pages: 255146, procpages: 51280
[21/May/2013:12:19:12 -0400] - WARNING: After allocating import cache
408232KB, the available memory is 612352KB, which is less than the soft
limit 1048576KB. You may want to decrease the import cache size and rerun
import.
[21/May/2013:12:19:12 -0400] - Import allocates 408232KB import cache.
[21/May/2013:12:19:12 -0400] - import userRoot: Beginning import job...
[21/May/2013:12:19:12 -0400] - import userRoot: Index buffering enabled
with bucket size 100
[21/May/2013:12:19:12 -0400] - import userRoot: Processing file
"/var/lib/dirsrv/boot.ldif"
[21/May/2013:12:19:12 -0400] - import userRoot: Finished scanning file
"/var/lib/dirsrv/boot.ldif" (1 entries)
[21/May/2013:12:19:13 -0400] - import userRoot: Workers finished; cleaning
up...
[21/May/2013:12:19:13 -0400] - import userRoot: Workers cleaned up.
[21/May/2013:12:19:13 -0400] - import userRoot: Cleaning up producer
thread...
[21/May/2013:12:19:13 -0400] - import userRoot: Indexing complete.
Post-processing...
[21/May/2013:12:19:13 -0400] - import userRoot: Generating numSubordinates
complete.
[21/May/2013:12:19:13 -0400] - Nothing to do to build ancestorid index
[21/May/2013:12:19:13 -0400] - import userRoot: Flushing caches...
[21/May/2013:12:19:13 -0400] - import userRoot: Closing files...
[21/May/2013:12:19:13 -0400] - All database threads now stopped
[21/May/2013:12:19:13 -0400] - import userRoot: Import complete. Processed
1 entries in 1 seconds. (1.00 entries/sec)
[21/May/2013:12:19:15 -0400] - 389-Directory/1.2.11.15 B2013.105.2259
starting up
[21/May/2013:12:19:15 -0400] - Db home directory is not set. Possibly
nsslapd-directory (optinally nsslapd-db-home-directory) is missing in the
config file.
[21/May/2013:12:19:15 -0400] - I'm resizing my cache now...cache was
418029568 and is now 8000000
[21/May/2013:12:19:16 -0400] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[21/May/2013:12:19:16 -0400] - slapd shutting down - signaling operation
threads
[21/May/2013:12:19:16 -0400] - slapd shutting down - closing down internal
subsystems and plugins
[21/May/2013:12:19:16 -0400] - Waiting for 4 database threads to stop
[21/May/2013:12:19:17 -0400] - All database threads now stopped
[21/May/2013:12:19:17 -0400] - slapd stopped.
[21/May/2013:12:19:19 -0400] - 389-Directory/1.2.11.15 B2013.105.2259
starting up
[21/May/2013:12:19:19 -0400] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[21/May/2013:12:19:20 -0400] - The change of nsslapd-ldapilisten will not
take effect until the server is restarted
[21/May/2013:12:19:40 -0400] - Warning: Adding configuration attribute
"nsslapd-security"
[21/May/2013:12:19:40 -0400] - slapd shutting down - signaling operation
threads
[21/May/2013:12:19:40 -0400] - slapd shutting down - closing down internal
subsystems and plugins
[21/May/2013:12:19:40 -0400] - Waiting for 4 database threads to stop
[21/May/2013:12:19:40 -0400] - All database threads now stopped
[21/May/2013:12:19:40 -0400] - slapd stopped.
[21/May/2013:12:19:41 -0400] - 389-Directory/1.2.11.15 B2013.105.2259
starting up
[21/May/2013:12:19:41 -0400] attrcrypt - No symmetric key found for cipher
AES in backend userRoot, attempting to create one...
[21/May/2013:12:19:41 -0400] attrcrypt - Key for cipher AES successfully
generated and stored
[21/May/2013:12:19:41 -0400] attrcrypt - No symmetric key found for cipher
3DES in backend userRoot, attempting to create one...
[21/May/2013:12:19:41 -0400] attrcrypt - Key for cipher 3DES successfully
generated and stored
[21/May/2013:12:19:41 -0400] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[21/May/2013:12:19:41 -0400] - Listening on All Interfaces port 636 for
LDAPS requests
[21/May/2013:12:19:41 -0400] - Listening on
/var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
[21/May/2013:12:19:42 -0400] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which
should be added before the CoS Definition.
[21/May/2013:12:19:51 -0400] - slapd shutting down - signaling operation
threads
[21/May/2013:12:19:51 -0400] - slapd shutting down - closing down internal
subsystems and plugins
[21/May/2013:12:19:51 -0400] - Waiting for 4 database threads to stop
[21/May/2013:12:19:51 -0400] - All database threads now stopped
[21/May/2013:12:19:51 -0400] - slapd stopped.
[21/May/2013:12:19:53 -0400] - 389-Directory/1.2.11.15 B2013.105.2259
starting up
[21/May/2013:12:19:53 -0400] schema-compat-plugin - warning: no entries set
up under cn=computers, cn=compat,dc=miovision,dc=linux
[21/May/2013:12:19:53 -0400] schema-compat-plugin - warning: no entries set
up under cn=ng, cn=compat,dc=miovision,dc=linux
[21/May/2013:12:19:53 -0400] schema-compat-plugin - warning: no entries set
up under ou=sudoers,dc=miovision,dc=linux
[21/May/2013:12:19:53 -0400] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which
should be added before the CoS Definition.
[21/May/2013:12:19:53 -0400] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which
should be added before the CoS Definition.
[21/May/2013:12:19:53 -0400] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[21/May/2013:12:19:53 -0400] - Listening on All Interfaces port 636 for
LDAPS requests
[21/May/2013:12:19:53 -0400] - Listening on
/var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
[21/May/2013:12:19:53 -0400] - The change of nsslapd-maxdescriptors will
not take effect until the server is restarted
[21/May/2013:12:23:37 -0400] schema-compat-plugin - warning: no entries set
up under cn=ng, cn=compat,dc=miovision,dc=linux
[21/May/2013:12:23:37 -0400] schema-compat-plugin - warning: no entries set
up under ou=sudoers,dc=miovision,dc=linux
[21/May/2013:12:23:43 -0400] - userRoot: Indexing attribute: memberuid
[21/May/2013:12:23:43 -0400] - userRoot: Finished indexing.
[21/May/2013:12:23:49 -0400] - userRoot: Indexing attribute: ntUserDomainId
[21/May/2013:12:23:49 -0400] - userRoot: Finished indexing.
[21/May/2013:12:23:55 -0400] - userRoot: Indexing attribute: ntUniqueId
[21/May/2013:12:23:55 -0400] - userRoot: Finished indexing.
[21/May/2013:12:23:57 -0400] - slapd shutting down - signaling operation
threads
[21/May/2013:12:23:57 -0400] - slapd shutting down - closing down internal
subsystems and plugins
[21/May/2013:12:23:57 -0400] - Waiting for 4 database threads to stop
[21/May/2013:12:23:57 -0400] - All database threads now stopped
[21/May/2013:12:23:57 -0400] - slapd stopped.
[21/May/2013:12:24:01 -0400] - 389-Directory/1.2.11.15 B2013.105.2259
starting up
[21/May/2013:12:24:01 -0400] schema-compat-plugin - warning: no entries set
up under cn=computers, cn=compat,dc=miovision,dc=linux
[21/May/2013:12:24:01 -0400] schema-compat-plugin - warning: no entries set
up under cn=ng, cn=compat,dc=miovision,dc=linux
[21/May/2013:12:24:01 -0400] schema-compat-plugin - warning: no entries set
up under ou=sudoers,dc=miovision,dc=linux
[21/May/2013:12:24:01 -0400] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which
should be added before the CoS Definition.
[21/May/2013:12:24:01 -0400] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which
should be added before the CoS Definition.
[21/May/2013:12:24:01 -0400] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[21/May/2013:12:24:01 -0400] - Listening on All Interfaces port 636 for
LDAPS requests
[21/May/2013:12:24:01 -0400] - Listening on
/var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
[21/May/2013:12:50:13 -0400] - slapd shutting down - signaling operation
threads
[21/May/2013:12:50:13 -0400] - slapd shutting down - closing down internal
subsystems and plugins
[21/May/2013:12:50:13 -0400] - Waiting for 4 database threads to stop
[21/May/2013:12:50:13 -0400] - All database threads now stopped
[21/May/2013:12:50:13 -0400] - slapd stopped.
[21/May/2013:12:50:16 -0400] - 389-Directory/1.2.11.15 B2013.105.2259
starting up
[21/May/2013:12:50:16 -0400] schema-compat-plugin - warning: no entries set
up under cn=computers, cn=compat,dc=miovision,dc=linux
[21/May/2013:12:50:16 -0400] schema-compat-plugin - warning: no entries set
up under cn=ng, cn=compat,dc=miovision,dc=linux
[21/May/2013:12:50:16 -0400] schema-compat-plugin - warning: no entries set
up under ou=sudoers,dc=miovision,dc=linux
[21/May/2013:12:50:16 -0400] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which
should be added before the CoS Definition.
[21/May/2013:12:50:16 -0400] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which
should be added before the CoS Definition.
[21/May/2013:12:50:16 -0400] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[21/May/2013:12:50:16 -0400] - Listening on All Interfaces port 636 for
LDAPS requests
[21/May/2013:12:50:16 -0400] - Listening on
/var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
[21/May/2013:12:50:18 -0400] - Entry
"cn=meTodc1.miovision.corp,cn=replica,cn=dc\3Dmiovision\2Cdc\3Dlinux,cn=mapping
tree,cn=config" -- attribute "nsDS5ReplicatedAttributeListTotal" not allowed
[21/May/2013:12:50:18 -0400] NSMMReplicationPlugin -
agmt="cn=meTodc1.miovision.corp" (dc1:389): Replica has no update vector.
It has never been initialized.
[21/May/2013:12:50:18 -0400] NSMMReplicationPlugin -
agmt="cn=meTodc1.miovision.corp" (dc1:389): Replica has no update vector.
It has never been initialized.
[21/May/2013:12:50:18 -0400] NSMMReplicationPlugin -
agmt="cn=meTodc1.miovision.corp" (dc1:389): Replica has no update vector.
It has never been initialized.
[21/May/2013:12:50:20 -0400] NSMMReplicationPlugin - Beginning total update
of replica "agmt="cn=meTodc1.miovision.corp" (dc1:389)".
[21/May/2013:12:50:21 -0400] - Entry
"uid=krbtgt,cn=users,cn=accounts,dc=miovision,dc=linux" missing attribute
"sn" required by object class "person"
[21/May/2013:12:50:21 -0400] - Entry
"uid=krbtgt_18424,cn=users,cn=accounts,dc=miovision,dc=linux" missing
attribute "sn" required by object class "person"
[21/May/2013:12:50:21 -0400] - Entry
"uid=IUSR_MIOFILES,cn=users,cn=accounts,dc=miovision,dc=linux" missing
attribute "sn" required by object class "person"
[21/May/2013:12:50:21 -0400] - Entry
"uid=IWAM_MIOFILES,cn=users,cn=accounts,dc=miovision,dc=linux" missing
attribute "sn" required by object class "person"
[21/May/2013:12:50:21 -0400] - Entry
"uid=backup,cn=users,cn=accounts,dc=miovision,dc=linux" missing attribute
"sn" required by object class "person"
[21/May/2013:12:50:21 -0400] - Entry
"uid=Guest,cn=users,cn=accounts,dc=miovision,dc=linux" missing attribute
"sn" required by object class "person"
[21/May/2013:12:50:22 -0400] - Entry
"uid=ldap-auth,cn=users,cn=accounts,dc=miovision,dc=linux" missing
attribute "sn" required by object class "person"
[21/May/2013:12:50:22 -0400] - Entry
"uid=Administrator,cn=users,cn=accounts,dc=miovision,dc=linux" missing
attribute "sn" required by object class "person"
[21/May/2013:12:50:22 -0400] NSMMReplicationPlugin - Finished total update
of replica "agmt="cn=meTodc1.miovision.corp" (dc1:389)". Sent 2 entries.
[21/May/2013:12:50:23 -0400] - slapd shutting down - signaling operation
threads
[21/May/2013:12:50:23 -0400] - slapd shutting down - closing down internal
subsystems and plugins
[21/May/2013:12:50:23 -0400] - Waiting for 4 database threads to stop
[21/May/2013:12:50:23 -0400] - All database threads now stopped
[21/May/2013:12:50:23 -0400] - slapd stopped.
[21/May/2013:12:54:14 -0400] - 389-Directory/1.2.11.15 B2013.105.2259
starting up
[21/May/2013:12:54:14 -0400] schema-compat-plugin - warning: no entries set
up under cn=computers, cn=compat,dc=miovision,dc=linux
[21/May/2013:12:54:14 -0400] schema-compat-plugin - warning: no entries set
up under cn=ng, cn=compat,dc=miovision,dc=linux
[21/May/2013:12:54:14 -0400] schema-compat-plugin - warning: no entries set
up under ou=sudoers,dc=miovision,dc=linux
[21/May/2013:12:54:14 -0400] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which
should be added before the CoS Definition.
[21/May/2013:12:54:14 -0400] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which
should be added before the CoS Definition.
[21/May/2013:12:54:14 -0400] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[21/May/2013:12:54:14 -0400] - Listening on All Interfaces port 636 for
LDAPS requests
[21/May/2013:12:54:14 -0400] - Listening on
/var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
[21/May/2013:12:58:56 -0400] NSMMReplicationPlugin - Beginning total update
of replica "agmt="cn=meTodc1.miovision.corp" (dc1:389)".
[21/May/2013:13:54:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:13:59:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:14:04:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:14:06:21 -0400] - _csngen_adjust_local_time: gen state before
519bae7c0001:1369157244:0:0
[21/May/2013:14:06:21 -0400] - _csngen_adjust_local_time: gen state after
519bb79d0000:1369159581:0:0
[21/May/2013:14:06:21 -0400] NSMMReplicationPlugin -
ruv_add_csn_inprogress: successfully inserted csn 519bb79d000000030000 into
pending list
[21/May/2013:14:06:21 -0400] NSMMReplicationPlugin - Purged state
information from entry
fqdn=ipa1.miovision.linux,cn=computers,cn=accounts,dc=miovision,dc=linux up
to CSN 519273fc000000030000
[21/May/2013:14:06:21 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFileByReplicaName: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:14:06:21 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFileByReplicaName: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:14:06:21 -0400] NSMMReplicationPlugin - ruv_update_ruv:
successfully committed csn 519bb79d000000030000
[21/May/2013:14:06:46 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFile: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:14:06:46 -0400] NSMMReplicationPlugin - changelog program -
cl5GetOperationCount: found DB object 26158b0
[21/May/2013:14:09:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:14:14:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:14:19:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:14:24:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:14:29:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:14:31:18 -0400] - _csngen_adjust_local_time: gen state before
519bb79d0001:1369159581:0:0
[21/May/2013:14:31:18 -0400] - _csngen_adjust_local_time: gen state after
519bbd760000:1369161078:0:0
[21/May/2013:14:31:18 -0400] NSMMReplicationPlugin -
ruv_add_csn_inprogress: successfully inserted csn 519bbd76000000030000 into
pending list
[21/May/2013:14:31:18 -0400] NSMMReplicationPlugin - Purged state
information from entry uid=admin,cn=users,cn=accounts,dc=miovision,dc=linux
up to CSN 51927d1d000000030000
[21/May/2013:14:31:18 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFileByReplicaName: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:14:31:18 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFileByReplicaName: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:14:31:18 -0400] NSMMReplicationPlugin - ruv_update_ruv:
successfully committed csn 519bbd76000000030000
[21/May/2013:14:31:26 -0400] - _csngen_adjust_local_time: gen state before
519bbd760001:1369161078:0:0
[21/May/2013:14:31:26 -0400] - _csngen_adjust_local_time: gen state after
519bbd7e0000:1369161086:0:0
[21/May/2013:14:31:26 -0400] NSMMReplicationPlugin -
ruv_add_csn_inprogress: successfully inserted csn 519bbd7e000000030000 into
pending list
[21/May/2013:14:31:26 -0400] NSMMReplicationPlugin - Purged state
information from entry uid=admin,cn=users,cn=accounts,dc=miovision,dc=linux
up to CSN 519282f6000000030000
[21/May/2013:14:31:26 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFileByReplicaName: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:14:31:26 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFileByReplicaName: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:14:31:26 -0400] NSMMReplicationPlugin - ruv_update_ruv:
successfully committed csn 519bbd7e000000030000
[21/May/2013:14:31:46 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFile: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:14:31:46 -0400] NSMMReplicationPlugin - changelog program -
cl5GetOperationCount: found DB object 26158b0
[21/May/2013:14:34:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:14:39:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:14:44:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:14:49:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:14:54:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:14:59:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:15:04:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:15:09:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:15:14:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:15:19:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:15:24:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:15:29:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:15:34:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:15:39:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:15:44:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:15:46:24 -0400] - _csngen_adjust_local_time: gen state before
519bbd7e0001:1369161086:0:0
[21/May/2013:15:46:24 -0400] - _csngen_adjust_local_time: gen state after
519bcf100000:1369165584:0:0
[21/May/2013:15:46:24 -0400] NSMMReplicationPlugin -
ruv_add_csn_inprogress: successfully inserted csn 519bcf10000000030000 into
pending list
[21/May/2013:15:46:24 -0400] NSMMReplicationPlugin - Purged state
information from entry
fqdn=ipa1.miovision.linux,cn=computers,cn=accounts,dc=miovision,dc=linux up
to CSN 519282fe000000030000
[21/May/2013:15:46:24 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFileByReplicaName: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:15:46:24 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFileByReplicaName: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:15:46:24 -0400] NSMMReplicationPlugin - ruv_update_ruv:
successfully committed csn 519bcf10000000030000
[21/May/2013:15:46:46 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFile: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:15:46:46 -0400] NSMMReplicationPlugin - changelog program -
cl5GetOperationCount: found DB object 26158b0
[21/May/2013:15:49:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:15:54:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:15:59:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:16:04:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:16:09:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:16:14:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:16:19:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:16:24:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:16:29:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:16:34:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:16:39:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:16:44:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:16:49:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:16:54:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:16:59:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:17:04:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:17:09:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:17:14:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:17:19:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:17:24:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:17:26:31 -0400] - _csngen_adjust_local_time: gen state before
519bcf100001:1369165584:0:0
[21/May/2013:17:26:31 -0400] - _csngen_adjust_local_time: gen state after
519be6870000:1369171591:0:0
[21/May/2013:17:26:31 -0400] NSMMReplicationPlugin -
ruv_add_csn_inprogress: successfully inserted csn 519be687000000030000 into
pending list
[21/May/2013:17:26:31 -0400] NSMMReplicationPlugin - Purged state
information from entry
fqdn=ipa1.miovision.linux,cn=computers,cn=accounts,dc=miovision,dc=linux up
to CSN 51929490000000030000
[21/May/2013:17:26:31 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFileByReplicaName: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:17:26:31 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFileByReplicaName: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:17:26:31 -0400] NSMMReplicationPlugin - ruv_update_ruv:
successfully committed csn 519be687000000030000
[21/May/2013:17:26:46 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFile: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:17:26:46 -0400] NSMMReplicationPlugin - changelog program -
cl5GetOperationCount: found DB object 26158b0
[21/May/2013:17:29:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:17:34:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:17:39:14 -0400] NSMMReplicationPlugin - Running Dirsync
[21/May/2013:17:41:32 -0400] - _csngen_adjust_local_time: gen state before
519be6870001:1369171591:0:0
[21/May/2013:17:41:32 -0400] - _csngen_adjust_local_time: gen state after
519bea0c0000:1369172492:0:0
[21/May/2013:17:41:32 -0400] NSMMReplicationPlugin -
ruv_add_csn_inprogress: successfully inserted csn 519bea0c000000030000 into
pending list
[21/May/2013:17:41:32 -0400] NSMMReplicationPlugin - Purged state
information from entry
fqdn=ipa1.miovision.linux,cn=computers,cn=accounts,dc=miovision,dc=linux up
to CSN 5192ac07000000030000
[21/May/2013:17:41:32 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFileByReplicaName: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:17:41:32 -0400] NSMMReplicationPlugin - changelog program -
_cl5GetDBFileByReplicaName: found DB object 26158b0 for database
/var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/8337548b-c23611e2-80ceb237-a58fe021_519ba5ca000000030000.db4
[21/May/2013:17:41:32 -0400] NSMMReplicationPlugin - ruv_update_ruv:
successfully committed csn 519bea0c000000030000
>
> Although the documentation mentions changes will be applied on next sync
> when 'nsds7WindowsReplicaSubtree' is changed, they do not.
>
>
> Did you use ldapmodify to change it?
>
>
>
Yes, see above process for syntax used.
> Also if I try to include the --win-subtree=CN=Shared
> Login,CN=Users,DC=miovision,DC=corp argument I get an invalid password
> message this might be because I didn't quote the DN though.
>
>
> Yes, that's likely.
>
>
> So I then ran ipa-replica-manage re-initialize --from dc1.miovision.corp.
>
> I now have a screen session with an incredible amount of "Update in
> progress" lines which has been running for about 30 minutes now (triggered
> at 12:58:56). I tried this on the weekend as well, and the process ran
> overnight so I killed it and had to start from scratch again.
>
> The dirsrv error log is:
> [21/May/2013:12:24:01 -0400] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [21/May/2013:12:24:01 -0400] - Listening on All Interfaces port 636 for
> LDAPS requests
> [21/May/2013:12:24:01 -0400] - Listening on
> /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
> [21/May/2013:12:50:13 -0400] - slapd shutting down - signaling operation
> threads
> [21/May/2013:12:50:13 -0400] - slapd shutting down - closing down internal
> subsystems and plugins
> [21/May/2013:12:50:13 -0400] - Waiting for 4 database threads to stop
> [21/May/2013:12:50:13 -0400] - All database threads now stopped
> [21/May/2013:12:50:13 -0400] - slapd stopped.
> [21/May/2013:12:50:16 -0400] - 389-Directory/1.2.11.15 B2013.105.2259
> starting up
> [21/May/2013:12:50:16 -0400] schema-compat-plugin - warning: no entries
> set up under cn=computers, cn=compat,dc=miovision,dc=linux
> [21/May/2013:12:50:16 -0400] schema-compat-plugin - warning: no entries
> set up under cn=ng, cn=compat,dc=miovision,dc=linux
> [21/May/2013:12:50:16 -0400] schema-compat-plugin - warning: no entries
> set up under ou=sudoers,dc=miovision,dc=linux
> [21/May/2013:12:50:16 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which
> should be added before the CoS Definition.
> [21/May/2013:12:50:16 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which
> should be added before the CoS Definition.
> [21/May/2013:12:50:16 -0400] - slapd started. Listening on All Interfaces
> port 389 for LDAP requests
> [21/May/2013:12:50:16 -0400] - Listening on All Interfaces port 636 for
> LDAPS requests
> [21/May/2013:12:50:16 -0400] - Listening on
> /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
> [21/May/2013:12:50:18 -0400] - Entry
> "cn=meTodc1.miovision.corp,cn=replica,cn=dc\3Dmiovision\2Cdc\3Dlinux,cn=mapping
> tree,cn=config" -- attribute "nsDS5ReplicatedAttributeListTotal" not allowed
> [21/May/2013:12:50:18 -0400] NSMMReplicationPlugin -
> agmt="cn=meTodc1.miovision.corp" (dc1:389): Replica has no update vector.
> It has never been initialized.
> [21/May/2013:12:50:18 -0400] NSMMReplicationPlugin -
> agmt="cn=meTodc1.miovision.corp" (dc1:389): Replica has no update vector.
> It has never been initialized.
> [21/May/2013:12:50:18 -0400] NSMMReplicationPlugin -
> agmt="cn=meTodc1.miovision.corp" (dc1:389): Replica has no update vector.
> It has never been initialized.
> [21/May/2013:12:50:20 -0400] NSMMReplicationPlugin - Beginning total
> update of replica "agmt="cn=meTodc1.miovision.corp" (dc1:389)".
> [21/May/2013:12:50:21 -0400] - Entry
> "uid=krbtgt,cn=users,cn=accounts,dc=miovision,dc=linux" missing attribute
> "sn" required by object class "person"
> [21/May/2013:12:50:21 -0400] - Entry
> "uid=krbtgt_18424,cn=users,cn=accounts,dc=miovision,dc=linux" missing
> attribute "sn" required by object class "person"
> [21/May/2013:12:50:21 -0400] - Entry
> "uid=IUSR_MIOFILES,cn=users,cn=accounts,dc=miovision,dc=linux" missing
> attribute "sn" required by object class "person"
> [21/May/2013:12:50:21 -0400] - Entry
> "uid=IWAM_MIOFILES,cn=users,cn=accounts,dc=miovision,dc=linux" missing
> attribute "sn" required by object class "person"
> [21/May/2013:12:50:21 -0400] - Entry
> "uid=backup,cn=users,cn=accounts,dc=miovision,dc=linux" missing attribute
> "sn" required by object class "person"
> [21/May/2013:12:50:21 -0400] - Entry
> "uid=Guest,cn=users,cn=accounts,dc=miovision,dc=linux" missing attribute
> "sn" required by object class "person"
> [21/May/2013:12:50:22 -0400] - Entry
> "uid=ldap-auth,cn=users,cn=accounts,dc=miovision,dc=linux" missing
> attribute "sn" required by object class "person"
> [21/May/2013:12:50:22 -0400] - Entry
> "uid=Administrator,cn=users,cn=accounts,dc=miovision,dc=linux" missing
> attribute "sn" required by object class "person"
> [21/May/2013:12:50:22 -0400] NSMMReplicationPlugin - Finished total update
> of replica "agmt="cn=meTodc1.miovision.corp" (dc1:389)". Sent 2 entries.
> [21/May/2013:12:50:23 -0400] - slapd shutting down - signaling operation
> threads
> [21/May/2013:12:50:23 -0400] - slapd shutting down - closing down internal
> subsystems and plugins
> [21/May/2013:12:50:23 -0400] - Waiting for 4 database threads to stop
> [21/May/2013:12:50:23 -0400] - All database threads now stopped
> [21/May/2013:12:50:23 -0400] - slapd stopped.
> [21/May/2013:12:54:14 -0400] - 389-Directory/1.2.11.15 B2013.105.2259
> starting up
> [21/May/2013:12:54:14 -0400] schema-compat-plugin - warning: no entries
> set up under cn=computers, cn=compat,dc=miovision,dc=linux
> [21/May/2013:12:54:14 -0400] schema-compat-plugin - warning: no entries
> set up under cn=ng, cn=compat,dc=miovision,dc=linux
> [21/May/2013:12:54:14 -0400] schema-compat-plugin - warning: no entries
> set up under ou=sudoers,dc=miovision,dc=linux
> [21/May/2013:12:54:14 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which
> should be added before the CoS Definition.
> [21/May/2013:12:54:14 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which
> should be added before the CoS Definition.
> [21/May/2013:12:54:14 -0400] - slapd started. Listening on All Interfaces
> port 389 for LDAP requests
> [21/May/2013:12:54:14 -0400] - Listening on All Interfaces port 636 for
> LDAPS requests
> [21/May/2013:12:54:14 -0400] - Listening on
> /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests
> [21/May/2013:12:58:56 -0400] NSMMReplicationPlugin - Beginning total
> update of replica "agmt="cn=meTodc1.miovision.corp" (dc1:389)".
>
> Am I encountering this issue because of the win-subtree setting?
>
>
> What issue?
>
>
>
Re-initialize process continues indefinitely displaying new lines "Update
in progress", only users who are in CN=users,DC=miovision,DC=corp are shown
in IPA web admin (from initial winsync agreement before re-initialize)
> Is it considered bad practice to set a group like this?
>
>
> It should be fine.
>
>
> I'm not sure what else I would do, as this is the only group which
> contains all of my users, and they reside in their respective OU's instead
> of Users CN.
>
>
> It should be fine.
>
>
>
> I've since enabled replication logging, but addtional information is
> minimal:
> [21/May/2013:12:58:56 -0400] NSMMReplicationPlugin - Beginning total
> update of replica "agmt="cn=meTodc1.miovision.corp" (dc1:389)".
> [21/May/2013:13:54:14 -0400] NSMMReplicationPlugin - Running Dirsync
>
>
> So it's hung here?
>
>
>
Correct, see logs above
> #top shows ns-slapd maxing out the CPU.
> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
>
>
> 5252 dirsrv 20 0 1177m 33m 8464 S 99.8 3.3 57:17.08 ns-slapd
>
>
> Can you do a pstack of the process?
>
> pstack 5252
>
>
>
Yes, see output above.
>
>
>
> Steve Dainard
> Infrastructure Manager
> Miovision Technologies Inc.
>
>
>
> On Fri, May 17, 2013 at 2:09 PM, Rich Megginson <rmeggins at redhat.com>wrote:
>
>> On 05/17/2013 12:03 PM, Steve Dainard wrote:
>>
>> Thanks for getting me on the right track.
>>
>> Yes to the Windows sync agreement.
>>
>> I'm not sure if this is related to password sync'ing, but it looks like
>> a sync operation is triggering (and failing) every 4 seconds on one of my
>> users:
>>
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): State: start_backoff -> backoff
>> [17/May/2013:13:28:42 -0400] - acquire_replica, supplier RUV:
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin - supplier:
>> {replicageneration} 50802036000000030000
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin - supplier: {replica 3
>> ldap://ipa1.miovision.linux:389} 50802036000100030000
>> 51966776000100030000 51966776
>> [17/May/2013:13:28:42 -0400] - acquire_replica, consumer RUV:
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin - consumer:
>> {replicageneration} 50802036000000030000
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin - consumer: {replica 3
>> ldap://ipa1.miovision.linux:389} 50802036000100030000
>> 515ad91f000000030000 00000000
>> [17/May/2013:13:28:42 -0400] - acquire_replica, supplier RUV is newer
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): Cancelling linger on the
>> connection
>> [17/May/2013:13:28:42 -0400] - _csngen_adjust_local_time: gen state
>> before 519668c60001:1368811718:0:0
>> [17/May/2013:13:28:42 -0400] - _csngen_adjust_local_time: gen state after
>> 519668ca0000:1368811722:0:0
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): State: backoff ->
>> sending_updates
>> [17/May/2013:13:28:42 -0400] - csngen_adjust_time: gen state before
>> 519668ca0001:1368811722:0:0
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin - changelog program -
>> _cl5GetDBFile: found DB object f6d910 for database
>> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/854fd282-193811e2-9177aa0d-17c9983f_50802036000000030000.db4
>> [17/May/2013:13:28:42 -0400] - _cl5PositionCursorForReplay
>> (agmt="cn=meTodc1.miovision.corp" (dc1:389)): Consumer RUV:
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): {replicageneration}
>> 50802036000000030000
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): {replica 3
>> ldap://ipa1.miovision.linux:389} 50802036000100030000
>> 515ad91f000000030000 00000000
>> [17/May/2013:13:28:42 -0400] - _cl5PositionCursorForReplay
>> (agmt="cn=meTodc1.miovision.corp" (dc1:389)): Supplier RUV:
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): {replicageneration}
>> 50802036000000030000
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): {replica 3
>> ldap://ipa1.miovision.linux:389} 50802036000100030000
>> 51966776000100030000 51966776
>> [17/May/2013:13:28:42 -0400] agmt="cn=meTodc1.miovision.corp" (dc1:389) -
>> clcache_get_buffer: found thread private buffer cache 7f30bc061d00
>> [17/May/2013:13:28:42 -0400] agmt="cn=meTodc1.miovision.corp" (dc1:389) -
>> clcache_get_buffer: _pool is 2e7cc10 _pool->pl_busy_lists is 7f30bc050790
>> _pool->pl_busy_lists->bl_buffers is 7f30bc061d00
>> [17/May/2013:13:28:42 -0400] agmt="cn=meTodc1.miovision.corp" (dc1:389) -
>> session start: anchorcsn=515ad91f000000030000
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin - changelog program -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): CSN 515ad91f000000030000 found,
>> position set for replay
>> [17/May/2013:13:28:42 -0400] agmt="cn=meTodc1.miovision.corp" (dc1:389) -
>> load=1 rec=1 csn=515ae3f4000000030000
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): windows_replay_update: Looking
>> at modify operation local
>> dn="uid=jkeller,cn=users,cn=accounts,dc=miovision,dc=linux" (ours,user,not
>> group)
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): map_entry_dn_outbound: looking
>> for AD entry for DS
>> dn="uid=jkeller,cn=users,cn=accounts,dc=miovision,dc=linux"
>> guid="ba17f9770e0c814cb9eea9df2d4df61a"
>> [17/May/2013:13:28:42 -0400] - Calling windows entry search request plugin
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin - Could not retrieve
>> entry from Windows using search base
>> [<GUID=ba17f9770e0c814cb9eea9df2d4df61a>] scope [0] filter
>> [(objectclass=*)]: error 1:Operations error
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): map_entry_dn_outbound: return
>> code -1 from search for AD entry
>> dn="<GUID=ba17f9770e0c814cb9eea9df2d4df61a>" or dn="(null)"
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): map_entry_dn_outbound: entry
>> not found - rc -1
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): windows_replay_update:
>> Processing modify operation local
>> dn="uid=jkeller,cn=users,cn=accounts,dc=miovision,dc=linux" remote
>> dn="<GUID=ba17f9770e0c814cb9eea9df2d4df61a>"
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): map_entry_dn_outbound: looking
>> for AD entry for DS
>> dn="uid=jkeller,cn=users,cn=accounts,dc=miovision,dc=linux"
>> guid="ba17f9770e0c814cb9eea9df2d4df61a"
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): map_entry_dn_outbound: looking
>> for AD entry for DS
>> dn="uid=jkeller,cn=users,cn=accounts,dc=miovision,dc=linux"
>> username="jkeller"
>> [17/May/2013:13:28:42 -0400] - Calling windows entry search request plugin
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin - Could not retrieve
>> entry from Windows using search base [dc=miovision,dc=corp] scope [2]
>> filter [(samAccountName=jkeller)]: error 1:Operations error
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): map_entry_dn_outbound: entry
>> not found - rc -1
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): map_entry_dn_outbound: failed
>> to fetch entry from AD:
>> dn="uid=jkeller,cn=users,cn=accounts,dc=miovision,dc=linux", err=-1
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): windows_replay_update: update
>> password returned 1
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): Consumer failed to replay
>> change (uniqueid cd3be819-21c711e2-96aaaa0d-17c9983f, CSN
>> 515ae3f4000000030000): Operations error. Will retry later.
>> [17/May/2013:13:28:42 -0400] agmt="cn=meTodc1.miovision.corp" (dc1:389) -
>> session end: state=0 load=1 sent=1 skipped=0
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): Beginning linger on the
>> connection
>> [17/May/2013:13:28:42 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): State: sending_updates ->
>> start_backoff
>>
>>
>>
>> Here's the output of an ldapsearch for the user jkeller:
>>
>> #/usr/bin/ldapsearch -h dc1.miovision.corp -D "ldap-auth at miovision.corp"<ldap-auth at miovision.corp>-W -b "dc=miovision,dc=corp" '(samAccountName=jkeller)' cn samAccountName
>>
>> # Joel Keller, 01Engineering, miovision.corp
>> dn: CN=Joel Keller,OU=01Engineering,DC=miovision,DC=corp
>> cn: Joel Keller
>> sAMAccountName: jkeller
>>
>>
>>
>> When I change my password on the IPA server, it looks like the change
>> is queued:
>>
>> [17/May/2013:13:53:48 -0400] - _csngen_adjust_local_time: gen state
>> before 51966eab0001:1368813227:0:0
>> [17/May/2013:13:53:48 -0400] - _csngen_adjust_local_time: gen state after
>> 51966eac0000:1368813228:0:0
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>> ruv_add_csn_inprogress: successfully inserted csn 51966eac000000030000 into
>> pending list
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - Purged state
>> information from entry
>> uid=sdainard,cn=users,cn=accounts,dc=miovision,dc=linux up to CSN
>> 518d33f90007000300
>> 00
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - changelog program -
>> _cl5GetDBFileByReplicaName: found DB object f6d910 for database
>> /var/lib/dirsrv/slapd-MIOVISION-LINU
>> X/cldb/854fd282-193811e2-9177aa0d-17c9983f_50802036000000030000.db4
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - changelog program -
>> _cl5GetDBFileByReplicaName: found DB object f6d910 for database
>> /var/lib/dirsrv/slapd-MIOVISION-LINU
>> X/cldb/854fd282-193811e2-9177aa0d-17c9983f_50802036000000030000.db4
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - ruv_update_ruv:
>> successfully committed csn 51966eac000000030000
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>> ruv_add_csn_inprogress: successfully inserted csn 51966eac000100030000 into
>> pending list
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - Purged state
>> information from entry
>> uid=sdainard,cn=users,cn=accounts,dc=miovision,dc=linux up to CSN
>> 518d342c0000000300
>> 00
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - changelog program -
>> _cl5GetDBFileByReplicaName: found DB object f6d910 for database
>> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/854fd282-193811e2-9177aa0d-17c9983f_50802036000000030000.db4
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - changelog program -
>> _cl5GetDBFileByReplicaName: found DB object f6d910 for database
>> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/854fd282-193811e2-9177aa0d-17c9983f_50802036000000030000.db4
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - ruv_update_ruv:
>> successfully committed csn 51966eac000100030000
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): State: start_backoff -> backoff
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>> ruv_add_csn_inprogress: successfully inserted csn 51966eac000200030000 into
>> pending list
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - Purged state
>> information from entry
>> uid=sdainard,cn=users,cn=accounts,dc=miovision,dc=linux up to CSN
>> 518d342c000100030000
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - changelog program -
>> _cl5GetDBFileByReplicaName: found DB object f6d910 for database
>> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/854fd282-193811e2-9177aa0d-17c9983f_50802036000000030000.db4
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - changelog program -
>> _cl5GetDBFileByReplicaName: found DB object f6d910 for database
>> /var/lib/dirsrv/slapd-MIOVISION-LINUX/cldb/854fd282-193811e2-9177aa0d-17c9983f_50802036000000030000.db4
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin - ruv_update_ruv:
>> successfully committed csn 51966eac000200030000
>> [17/May/2013:13:53:48 -0400] NSMMReplicationPlugin -
>> agmt="cn=meTodc1.miovision.corp" (dc1:389): State: backoff -> backoff
>>
>>
>>
>> Perhaps whatever is causing the sync error with user jkeller is holding
>> up the queued transactions?
>>
>>
>> Yes. It is attempting to replay the password change operation. It
>> first tries to find the entry in AD, but that is failing with operations
>> error.
>>
>> Try doing the ldapsearch with the same bind DN and password you specified
>> when you set up the winsync agreement. Or did you use
>> "ldap-auth at miovision.corp" <ldap-auth at miovision.corp>?
>>
>> Another difference is that winsync uses LDAPS - so try this:
>>
>> LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-YOUR-DOMAIN ldapsearch -H
>> ldaps://dc1.miovision.corp -D "ldap-auth at miovision.corp"<ldap-auth at miovision.corp>-W -b "dc=miovision,dc=corp" '(samAccountName=jkeller)' cn samAccountName
>>
>>
>>
>>
>>
>>
>> Steve Dainard
>> Infrastructure Manager
>> Miovision Technologies Inc.
>>
>>
>> On Fri, May 17, 2013 at 11:39 AM, Rich Megginson <rmeggins at redhat.com>wrote:
>>
>>> On 05/17/2013 09:26 AM, Steve Dainard wrote:
>>>
>>> Hello,
>>>
>>> We're running a single IPA server (CentOS 6) on our network as a side
>>> project for some testing before we implement.
>>>
>>> It had been a significant period of time since I had last logged into
>>> the web interface, so I had to kinit from a client machine (of which I had
>>> logged into successfully with my domain password), at which point I was
>>> requested to change my password. After the password change I RDP'd into a
>>> Windows machine on our domain and realized the password had not been
>>> updated on the domain controller.
>>>
>>> Is the password sync feature with an external source such as Active
>>> Directory supposed to be two-way? If so where can I start troubleshooting
>>> this issue?
>>>
>>>
>>> Are you talking about a windows sync agreement you set up with
>>> ipa-replica-manage?
>>> If so, yes, the password sync is supposed to be two-way.
>>> Try this:
>>> turn on the replication log level
>>> http://port389.org/wiki/FAQ#Troubleshooting
>>> change your IPA password
>>> turn off the replication log level
>>> http://port389.org/wiki/FAQ#Troubleshooting
>>> see if you can use your new password in AD
>>>
>>> The 389 errors log in /var/log/dirsrv/slapd-YOUR-DOMAIN/errors may
>>> contain a clue.
>>>
>>>
>>> Thanks,
>>>
>>>
>>>
>>> Steve Dainard
>>> Infrastructure Manager
>>> Miovision Technologies Inc.
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing listFreeipa-users at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>>
>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130521/035cd555/attachment.htm>
More information about the Freeipa-users
mailing list