November 2009 - 389-users - Fedora Mailing-Lists

New PassSync 1.1.3 to fix install issues - need testers

by Rich Megginson

I have a new PassSync package 1.1.3 that should address some install issues reported by some users on Windows 2008. Please test these and let me know how they work http://rmeggins.fedorapeople.org/389-PassSync-1.1.3-i386.msi http://rmeggins.fedorapeople.org/389-PassSync-1.1.3-x86_64.msi Thanks!

14 years, 5 months

3
3
0 / 0

Are you using 389-ds-base 1.2.4? 389-admin 1.1.9? PassSync 1.1.3?

by Rich Megginson

We are trying to get some feedback about the packages in testing before we push them out to stable. The packages currently in testing are: 389-ds-base 1.2.4 389-admin 1.1.9 Windows PassSync 1.1.3 We would really like to know if you are using these and, if so, if they are working for you (or not). These releases contain some bug fixes and a couple of new features that the community at large has asked for and would benefit from. But we don't want to push these releases to stable until we get some more feedback. Thanks

14 years, 5 months

1
0
0 / 0

more MMR issues

by Robert Viduya

I didn't get a response to my previous request for help and our situation degenerated (we lost 3 of our 4 masters) to the point where I felt we had to do a clean rebuild. We did that late last week into the weekend and had set up a 2 masters and assorted hubs and slaves. We used a clean ldif file to import into the first master, so no previous replica IDs were carried over from the previous environment. We are running directory version 1.2.2 on RHEL5.4, both 64-bit. Things were running fine until this morning, when one of our masters started reporting errors. We found this in it's errorlog: [10/Nov/2009:08:56:27 -0500] NSMMReplicationPlugin - multimaster_be_state_change: replica ou=people,dc=gted,dc=gatech,dc=edu is going offline; disabling replication [10/Nov/2009:08:59:29 -0500] - WARNING: Import is running with nsslapd- db-private-import-mem on; No other process is allowed to access the database [10/Nov/2009:08:59:33 -0500] - ERROR bulk import abandoned [10/Nov/2009:08:59:34 -0500] - import people: Aborting all import threads... [10/Nov/2009:08:59:42 -0500] - import people: Import threads aborted. [10/Nov/2009:08:59:43 -0500] - import people: Closing files... [10/Nov/2009:08:59:43 -0500] - import people: Import failed. [10/Nov/2009:09:01:51 -0500] NSMMReplicationPlugin - replica_replace_ruv_tombstone: failed to update replication update vector for replica ou=people,dc=gted,dc=gatech,dc=edu: LDAP error - 1 [10/Nov/2009:09:01:57 -0500] NSMMReplicationPlugin - replica_replace_ruv_tombstone: failed to update replication update vector for replica ou=people,dc=gted,dc=gatech,dc=edu: LDAP error - 1 [10/Nov/2009:09:02:01 -0500] NSMMReplicationPlugin - replica_replace_ruv_tombstone: failed to update replication update vector for replica ou=people,dc=gted,dc=gatech,dc=edu: LDAP error - 1 [10/Nov/2009:09:02:21 -0500] NSMMReplicationPlugin - replica_replace_ruv_tombstone: failed to update replication update vector for replica ou=people,dc=gted,dc=gatech,dc=edu: LDAP error - 1 [10/Nov/2009:09:02:26 -0500] NSMMReplicationPlugin - replica_replace_ruv_tombstone: failed to update replication update vector for replica ou=people,dc=gted,dc=gatech,dc=edu: LDAP error - 1 [10/Nov/2009:09:02:32 -0500] NSMMReplicationPlugin - replica_replace_ruv_tombstone: failed to update replication update vector for replica ou=people,dc=gted,dc=gatech,dc=edu: LDAP error - 1 That last line repeats until we brought the server down. The log _looks_ like someone/something triggered an import operation, but no- one did, on either master. The errorlog on the other master shows the following: [10/Nov/2009:08:39:29 -0500] - repl5_inc_waitfor_async_results timed out waiting for responses: 38 46 [10/Nov/2009:08:39:54 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Warning: unable to receive endReplication extended operation response (Bad parameter to an ldap routine) [10/Nov/2009:08:40:04 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Unable to receive the response for a startReplication extended operation to consumer (Bad parameter to an ldap routine). Will retry later. [10/Nov/2009:08:40:08 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Unable to receive the response for a startReplication extended operation to consumer (Bad parameter to an ldap routine). Will retry later. [10/Nov/2009:08:40:14 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Unable to receive the response for a startReplication extended operation to consumer (Bad parameter to an ldap routine). Will retry later. [10/Nov/2009:08:40:38 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Unable to receive the response for a startReplication extended operation to consumer (Bad parameter to an ldap routine). Will retry later. [10/Nov/2009:08:43:05 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Unable to receive the response for a startReplication extended operation to consumer (Bad parameter to an ldap routine). Will retry later. [10/Nov/2009:08:44:50 -0500] - repl5_inc_waitfor_async_results timed out waiting for responses: 6 8 [10/Nov/2009:08:47:08 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Unable to receive the response for a startReplication extended operation to consumer (Bad parameter to an ldap routine). Will retry later. [10/Nov/2009:08:47:08 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Incremental protocol: event backoff_timer_expired should not occur in state start_backoff [10/Nov/2009:08:47:12 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Unable to receive the response for a startReplication extended operation to consumer (Bad parameter to an ldap routine). Will retry later. [10/Nov/2009:08:47:18 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Incremental update failed and requires administrator action [10/Nov/2009:08:55:01 -0500] - repl5_inc_waitfor_async_results timed out waiting for responses: 13 14 [10/Nov/2009:08:55:01 -0500] - repl5_inc_waitfor_async_results timed out waiting for responses: 59 81 [10/Nov/2009:08:55:14 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Warning: unable to receive endReplication extended operation response (Bad parameter to an ldap routine) [10/Nov/2009:08:55:24 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Unable to receive the response for a startReplication extended operation to consumer (Bad parameter to an ldap routine). Will retry later. [10/Nov/2009:08:55:28 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Unable to receive the response for a startReplication extended operation to consumer (Bad parameter to an ldap routine). Will retry later. [10/Nov/2009:08:55:34 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Unable to receive the response for a startReplication extended operation to consumer (Bad parameter to an ldap routine). Will retry later. [10/Nov/2009:08:55:46 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Unable to receive the response for a startReplication extended operation to consumer (Bad parameter to an ldap routine). Will retry later. [10/Nov/2009:08:56:10 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Unable to receive the response for a startReplication extended operation to consumer (Bad parameter to an ldap routine). Will retry later. [10/Nov/2009:08:56:58 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Unable to receive the response for a startReplication extended operation to consumer (Bad parameter to an ldap routine). Will retry later. [10/Nov/2009:08:58:34 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Replication bind with SIMPLE auth resumed [10/Nov/2009:09:01:47 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Consumer failed to replay change (uniqueid 51dccc08-9efe11de-8efe8516-22c1043e, CSN 4af96f8a000200370000): Operations error. Will retry later. [10/Nov/2009:09:01:47 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Consumer failed to replay change (uniqueid 5ad5610c-1dd211b2-80b9be51-952a0000, CSN 4af96f8b000000370000): Operations error. Will retry later. [10/Nov/2009:09:01:47 -0500] NSMMReplicationPlugin - agmt="cn=people rewbell gertrude" (gertrude:636): Consumer failed to replay change (uniqueid 213cd58e-cd7b11de-b535d108-950067b1, CSN 4af96fcf000000370000): Operations error. Will retry later. Again, that last line repeats until we brought down the errant server. We've seen this behavior a few times since upgrading. One of our masters somehow thinks it's supposed to do an import and trashes it's copy of the data. No person had triggered an import or a supplier- >consumer initialization. Are there conditions where the directory server itself would trigger such an operation autonomously?

14 years, 5 months

2
7
0 / 0

memberof entries not appearing in replica with memberof plugin

by John A. Sullivan III

Hello, all. I'm running CentOS Directory Server 8.1 on CentOS 5.4. For some reason, the memberof plugin does not seem to be working on the replica. My first suspicion is we have done something wrong but I wonder if there is an error in the documentation. Here are the details. We are single master setup with a single replica. We noticed some of our LDAP queries were not correctly detecting group membership. We double checked the memberofplugin configuration and, for some reason, it seem to have reverted to looking at member instead of uniquemember. We changed this on the master and our problem went away. However, in the process of double-checking our steps, we read that the memberof attribute should NOT be replicated. We had not excluded it. So, we destroyed the replication agreement, created a new fractional replication enabled one, and reinitialized the replica. All of the memberof information was missing from all users on the replica. We then tried to rebuild it by running the fixup-memberof.pl script. That didn't work. We then simply tried deleting users from groups and adding them to see if that would work. It worked fine on the master but not on the replica. Is the documentation in error and replication of memberof should be excluded only in multimaster but should be propagated to consumers or have we done something wrong? I compared the memberofplugin definitions in dse.ldif on both and they look identical including being enabled. Nothing is jumping out in the error or audit logs. We eventually added memberof to the replication agreement and resynchronized just to get the data across. We've pulled it back out and, as expected, any changes are not replicating. What are we doing wrong? Where do we look next to troubleshoot it? Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan(a)opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society

14 years, 5 months

2
1
0 / 0

Replication errors with single master

by Terry Soucy

Hi Folks, I have a weird issue that I can't find much information about. We have a single-master replication setup, with the supplier replicating to two consumers. The software is the same on all three systems (fedora-ds-1.1.3-1) installed from packages. These are all new RHEL5.4 systems, i386 arch with 8G of RAM running the latest PAE kernel. The error received is as follows ... On the supplier ... [10/Nov/2009:11:52:20 -0400] NSMMReplicationPlugin - agmt="cn=Gaia to Nyx" (nyx:389): Replica has a different generation ID than the local data. Lots of those, then the replication fails. On the consumer ... [10/Nov/2009:10:52:21 -0400] NSMMReplicationPlugin - replica_replace_ruv_tombstone: failed to update replication update vector for replica dc=unb,dc=ca: LDAP error - 1 Earlier attempts to create a replica have resulted in a File not found error, as for some reason, all of the db4 files in the userRoot (/var/lib/dirsrv/slapd-nyx/db) mysteriously disappeared. Thoughts? We have beeen pouring over this for a bit now. Before we went production, I was able to create replicas from the single supplier to multiple consumers with no issues. We tested replication by updating the supplier, and replication was spot on. Once we went production, replication went to hell, and now even the simple task of creating a replica is causing us no end of grief. Thanks in advance. Terry Soucy -- Terry Soucy, Systems Analyst Integrated Technology Services University of New Brunswick, Fredericton Campus http://www.unbf.ca/its Voice: 506.447.3018 Fax: 506.453.3590 E-mail: tsoucy(a)unb.ca ** ITS is a scent-reduced workplace - www.unbf.ca/its/policies **

14 years, 5 months

2
1
0 / 0

Links for new passsync files

by James Roman

I am unable to download the 1.2.1 versions of the passsync msi files. I could really use the x86_64 version.

14 years, 5 months

4
9
0 / 0

Administration URL

by Jesster Leight

Hello, How I can enter to the 389-console ? I need correct port for Administration URL. (for example 0.0.0.0:9830 0.0.0.0:* LISTEN 8932/httpd.worker) On my Fedora 11 i have RHN-Satellite and 389 Directory Server. Satellite service stoped and /etc/init.d/dirsrv started. Netstat show next stats: $ netstat -ptan Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:57485 0.0.0.0:* LISTEN 1223/rpc.statd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1205/rpcbind tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 2281/dnsmasq tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1558/sshd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1294/cupsd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1722/sendmail: acce tcp 0 0 10.1.10.211:35594 74.125.87.167:80 ESTABLISHED 7784/firefox tcp 0 0 10.1.10.211:57888 74.125.87.189:80 ESTABLISHED 7784/firefox tcp 0 0 10.1.10.211:36308 74.125.87.103:80 ESTABLISHED 7784/firefox tcp 0 0 10.1.10.211:44402 74.125.87.132:80 ESTABLISHED 7784/firefox tcp 0 0 10.1.10.211:41462 74.125.87.17:80 ESTABLISHED 7784/firefox tcp 0 0 10.1.10.211:41463 74.125.87.17:80 TIME_WAIT - tcp 0 0 :::111 :::* LISTEN 1205/rpcbind tcp 0 0 :::22 :::* LISTEN 1558/sshd tcp 0 0 ::1:631 :::* LISTEN 1294/cupsd tcp 0 0 :::389 :::* LISTEN 9637/ns-slapd $ /etc/init.d/dirsrv status dirsrv satellite (pid 9637) is running... Where is httpd.worker processes ?

14 years, 5 months

2
2
0 / 0

Is there any SSO free implementation that works with Project-389?

by Morenisco

Hi, Well, I have experience with OID and the SSO that comes with the infrastructure (Oracle Internet Directory), and I would like to know if there is any single sign on free implementation that I could use with Project-389. I'm thinking about the followin event: when a person needs to change his own password, after have created his/her user account, and get login to some systems with the same credentials that are in the directory. Thats' all, thanks! -- Morenisco. Centro de Difusión de Software Libre. http://www.cdsl.cl http://trabajosfloss.cdsl.cl Blog: http://morenisco.noc-root.net

14 years, 5 months

2
1
0 / 0

Re: Fedora EPEL 5 updates-testing report - 389 coming to EPEL.

by Orion Poplawski

On 11/06/2009 11:32 AM, updates(a)fedoraproject.org wrote: > The following builds have been pushed to Fedora EPEL 5 updates-testing > > 389-admin-1.1.9-1.el5 > 389-admin-console-1.1.4-3.el5 > 389-adminutil-1.1.8-4.el5 > 389-ds-1.1.3-6.el5 > 389-ds-base-1.2.4-1.el5 > 389-ds-console-1.2.0-5.el5 > 389-dsgw-1.1.4-1.el5 > idm-console-framework-1.1.3-3.el5 > jss-4.2.5-1.el5 > > Details about builds: > > > ================================================================================ > 389-admin-1.1.9-1.el5 (FEDORA-EPEL-2009-0803) > 389 Administration Server (admin) > -------------------------------------------------------------------------------- > Update Information: > > 389 package suite now available in EPEL. > -------------------------------------------------------------------------------- Looks like we're still waiting for 389-console too: 389-ds-1.1.3-6.el5.noarch from epel-testing has depsolving problems --> Missing Dependency: 389-console is needed by package 389-ds-1.1.3-6.el5.noarch (epel-testing) But more to the point, what are the gotchas upgrading from: fedora-ds-admin-console-1.1.2-1.el5 fedora-ds-1.1.2-1.el5 fedora-ds-admin-1.1.6-1.el5 fedora-ds-dsgw-1.1.1-1.el5 fedora-ds-base-1.1.2-1.el5 fedora-ds-console-1.1.2-2.el5 I seem to recall a warning posted somewhere about things getting shutdown/removed. Anything else? -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA/CoRA Division FAX: 303-415-9702 3380 Mitchell Lane orion(a)cora.nwra.com Boulder, CO 80301 http://www.cora.nwra.com

14 years, 5 months

1
0
0 / 0

Attribute Rewrite / overlay?

by Hartmann, Tim

Hi, We've run into a situation where we are looking at chaining our directory with another directory, but need to rewrite one of the attributes? We need "cn: Joe User" to show up as "displayName: Joe User" In my research I noticed a feature which looked like it did that in openldap, and was hoping there was something similar in 389. http://www.openldap.org/doc/admin24/overlays.html#Rewrite/Remap I've dug into ACI's Views and COS and nothing seems to do remapping, though this thread gave me hope, but doesn't seems like it's quite what I'm looking for... http://www.mail-archive.com/fedora-directory-users@redhat.com/msg09764.html Has anyone done attribute remapping with 389 or is that still in the roadmap? Thanks! Tim

14 years, 5 months

2
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users November 2009