FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 03-08-2011, 05:17 PM
Stephen Agar
 
Default Changelog Modification

I have a 4 server multi master replication setup going on.* We get a lot of errors like this:

*NSMMReplicationPlugin - agmt="cn="Replication to server"" (server:636): Consumer failed to replay change (uniqueid 2365a885-b85511df-ad54b6ca-51ecbecb, CSN 4d6ceae5000700010000): DSA is unwilling to perform. Will retry later.


I've used cl-dump on all four nodes to dump the logs and track these down.* However, all of the "offending" changes that say they weren't made do indeed seem to be applied on all 4 nodes.* Is there a command I can use to remove specific entries from the changelog?* In the past, i've just re-initialized nodes to get rid of these, but that's certainly not the preferred way to do this.


Thanks,
Stephen

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 03-08-2011, 08:21 PM
Rich Megginson
 
Default Changelog Modification

On 03/08/2011 11:17 AM, Stephen Agar wrote:
I have a 4 server multi master replication setup going
on.* We get a lot of errors like this:



*NSMMReplicationPlugin - agmt="cn="Replication to server""
(server:636): Consumer failed to replay change (uniqueid
2365a885-b85511df-ad54b6ca-51ecbecb, CSN 4d6ceae5000700010000):
DSA is unwilling to perform. Will retry later.



I've used cl-dump on all four nodes to dump the logs and track
these down.* However, all of the "offending" changes that say they
weren't made do indeed seem to be applied on all 4 nodes.
What are these changes?* What operations, attributes, values, etc.

Is there a command I can use to remove specific
entries from the changelog?* In the past, i've just re-initialized
nodes to get rid of these, but that's certainly not the preferred
way to do this.



Thanks,

Stephen



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 03-09-2011, 04:18 PM
Rich Megginson
 
Default Changelog Modification

On 03/09/2011 10:11 AM, Stephen Agar wrote:
I've seen multiple different types of changes in there
flagged as this issue.*

- Some was a custom "directory string" attribute, being change
from value notActivated to activated


I suppose this might be a problem if the schema were somehow
different between the two servers, which could happen if you added
the schema via a file and not via LDAP.

- Some password account lockout attributes, resettime,
etc.


See
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Managing_Replication-Replicating-Password-Attributes


- Most are modifications to the "memberof" attribute, which is set
by the member plugin


memberof should not be replicated - see
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#groups-cmd-memberof


there is an Important Note on that page about replicating memberof

- Some are password changes


I suppose this could be possible if the password policy is different
on the supplier and the consumer



In all cases that i've checked, the data seems to be correct and
consistent across all 4 nodes.



Thanks for any insight.



--stephen





On Tue, Mar 8, 2011 at 3:21 PM, Rich
Megginson <rmeggins@redhat.com>
wrote:



On 03/08/2011 11:17 AM, Stephen Agar wrote:
I have a 4 server multi master
replication setup going on.* We get a lot of errors like
this:



*NSMMReplicationPlugin - agmt="cn="Replication to
server"" (server:636): Consumer failed to replay change
(uniqueid 2365a885-b85511df-ad54b6ca-51ecbecb, CSN
4d6ceae5000700010000): DSA is unwilling to perform. Will
retry later.



I've used cl-dump on all four nodes to dump the logs and
track these down.* However, all of the "offending"
changes that say they weren't made do indeed seem to be
applied on all 4 nodes.

What are these changes?* What operations, attributes,
values, etc.


Is there a command I can use to remove
specific entries from the changelog?* In the past, i've
just re-initialized nodes to get rid of these, but
that's certainly not the preferred way to do this.



Thanks,

Stephen



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users













--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 03-10-2011, 01:04 PM
Rich Megginson
 
Default Changelog Modification

On 03/09/2011 10:34 PM, Stephen Agar wrote:
In my previous reading it seemed like fractional
replication wasn't possible in a multi-master environment.*
Statements like this from the administrators guide: "Fractional
replication can only be done where the consumer is a read-only
replica" are what i'm referring to.* Am I misunderstanding what
fractional replication is?


It is now supported in most cases.* Please direct me to statements
like the above in our docs and I will fix them.




Thanks



On Wed, Mar 9, 2011 at 11:18 AM, Rich
Megginson <rmeggins@redhat.com>
wrote:



On 03/09/2011 10:11 AM, Stephen Agar wrote:
I've seen multiple different types
of changes in there flagged as this issue.*

- Some was a custom "directory string" attribute, being
change from value notActivated to activated



I suppose this might be a problem if the schema were somehow
different between the two servers, which could happen if you
added the schema via a file and not via LDAP.


- Some password account lockout
attributes, resettime, etc.



See
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Managing_Replication-Replicating-Password-Attributes



- Most are modifications to the
"memberof" attribute, which is set by the member plugin



memberof should not be replicated - see http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#groups-cmd-memberof


there is an Important Note on that page about replicating
memberof

- Some are password changes


I suppose this could be possible if the password policy is
different on the supplier and the consumer




In all cases that i've checked, the data seems to be
correct and consistent across all 4 nodes.



Thanks for any insight.



--stephen





On Tue, Mar 8, 2011 at 3:21 PM,
Rich Megginson <rmeggins@redhat.com>
wrote:



On 03/08/2011 11:17 AM, Stephen Agar wrote:
I have a 4 server multi
master replication setup going on.* We get a
lot of errors like this:



*NSMMReplicationPlugin - agmt="cn="Replication
to server"" (server:636): Consumer failed to
replay change (uniqueid
2365a885-b85511df-ad54b6ca-51ecbecb, CSN
4d6ceae5000700010000): DSA is unwilling to
perform. Will retry later.



I've used cl-dump on all four nodes to dump
the logs and track these down.* However, all
of the "offending" changes that say they
weren't made do indeed seem to be applied on
all 4 nodes.

What are these changes?* What operations,
attributes, values, etc.


Is there a command I can use to remove
specific entries from the changelog?* In the
past, i've just re-initialized nodes to get
rid of these, but that's certainly not the
preferred way to do this.



Thanks,

Stephen



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users






















--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 03-14-2011, 04:17 PM
Stephen Agar
 
Default Changelog Modification

Thanks Rich.* So to modify an existing replication agreement and add some attribute exclusions, could I do something like the following:

create the .ldif below and add it each supplier agreement using ldapmodify?


dn: cn="Replication to p-ldap-isvr02.example.com",cn=replica,cn="dc=example,dc=c om",cn=mapping tree,cn=config
changetype: modify
replace: nsds5replicatedattributelist

nsds5replicatedattributelist: (objectclass=*) $ EXCLUDE accountunlocktime passwordretrycount retrycountresettime memberof

Would each consumer need to be re-initialized after making a change like this?

Thanks,

Stephen


On Thu, Mar 10, 2011 at 8:04 AM, Rich Megginson <rmeggins@redhat.com> wrote:








On 03/09/2011 10:34 PM, Stephen Agar wrote:
In my previous reading it seemed like fractional
replication wasn't possible in a multi-master environment.*
Statements like this from the administrators guide: "Fractional
replication can only be done where the consumer is a read-only
replica" are what i'm referring to.* Am I misunderstanding what
fractional replication is?


It is now supported in most cases.* Please direct me to statements
like the above in our docs and I will fix them.




Thanks



On Wed, Mar 9, 2011 at 11:18 AM, Rich
Megginson <rmeggins@redhat.com>
wrote:



On 03/09/2011 10:11 AM, Stephen Agar wrote:
I've seen multiple different types
of changes in there flagged as this issue.*

- Some was a custom "directory string" attribute, being
change from value notActivated to activated



I suppose this might be a problem if the schema were somehow
different between the two servers, which could happen if you
added the schema via a file and not via LDAP.


- Some password account lockout
attributes, resettime, etc.



See
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Managing_Replication-Replicating-Password-Attributes



- Most are modifications to the
"memberof" attribute, which is set by the member plugin



memberof should not be replicated - see http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#groups-cmd-memberof


there is an Important Note on that page about replicating
memberof

- Some are password changes


I suppose this could be possible if the password policy is
different on the supplier and the consumer




In all cases that i've checked, the data seems to be
correct and consistent across all 4 nodes.



Thanks for any insight.



--stephen





On Tue, Mar 8, 2011 at 3:21 PM,
Rich Megginson <rmeggins@redhat.com>
wrote:



On 03/08/2011 11:17 AM, Stephen Agar wrote:
I have a 4 server multi
master replication setup going on.* We get a
lot of errors like this:



*NSMMReplicationPlugin - agmt="cn="Replication
to server"" (server:636): Consumer failed to
replay change (uniqueid
2365a885-b85511df-ad54b6ca-51ecbecb, CSN
4d6ceae5000700010000): DSA is unwilling to
perform. Will retry later.



I've used cl-dump on all four nodes to dump
the logs and track these down.* However, all
of the "offending" changes that say they
weren't made do indeed seem to be applied on
all 4 nodes.

What are these changes?* What operations,
attributes, values, etc.


Is there a command I can use to remove
specific entries from the changelog?* In the
past, i've just re-initialized nodes to get
rid of these, but that's certainly not the
preferred way to do this.



Thanks,

Stephen



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
























--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 03:10 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org