8:42 a.m.
Hi team,
I want to sync user and password from Windows 2019 to 389ds one
way sync, I have configured the OnewaySync. But not working. This is the error log for
your reference.
Error log:
WARN - NSMMReplicationPlugin - windows sync - windows_inc_run -
agmt="cn=winsync" (172:389): Replica has no update vector. It has never been
initialized.
ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of
replica "agmt="cn=winsync" (172:389)".
ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Finished total update of
replica "agmt="cn=winsync" (172:389)". Sent 0 entries.
12:17 p.m.
This is not enough info to diagnosis the issue. Please provide the
replication agreement, and enable replication logging. Then attempt the
reinit again, and provide all of that logging. Note you must use
StartTLS or LDAPS/TLS as the agreement connection protocol or else
dirsync will not accept the connection on the AD side, and it will not
sync any entries (which is what this looks like right now)...
On 11/28/21 9:42 AM, Dhivagar A wrote:
Hi team,
I want to sync user and password from Windows 2019 to 389ds one
way sync, I have configured the OnewaySync. But not working. This is the error log for
your reference.
Error log:
WARN - NSMMReplicationPlugin - windows sync - windows_inc_run -
agmt="cn=winsync" (172:389): Replica has no update vector. It has never been
initialized.
ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of
replica "agmt="cn=winsync" (172:389)".
ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Finished total update of
replica "agmt="cn=winsync" (172:389)". Sent 0 entries.
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
--
Directory Server Development Team
1:01 p.m.
Hi,
Please find the your requested information.
The Synchronization Agreement:
DS Host: 389ds.ldapexample.com:389
Windows Host: server.adexample.com:389
DS Subtree: ou=People,dc=ldapexample,dc=com
Windows Subtree: dc=adexample,dc=com
Replicated subtree: dc=ldapexample,dc=com
PassSync service on the AD Server :
Hostname - 389ds.ldapexample.com
Port- 636
Username - cn=sync,cn=config
password - XXXXXXX
Search base - ou=People,dc=ldapexample,dc=com
Error log:
[29/Nov/2021:00:23:05.608343706 +051800] - ERR - NSMMReplicationPlugin - windows sync -
windows_tot_run - Beginning total update of replica "agmt="cn=winsync"
(172:389)".
[29/Nov/2021:00:23:05.784338132 +051800] - ERR - NSMMReplicationPlugin - windows sync -
windows_tot_run - Finished total update of replica "agmt="cn=winsync"
(172:389)". Sent 0 entries.
Access log:
389-Directory/1.3.10.2 B2021.287.1227
389ds.ldapexample.com:636 (/etc/dirsrv/slapd-server)
[29/Nov/2021:00:20:13.002450431 +051800] conn=115 op=127 SRCH
base="cn=changelog5,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[29/Nov/2021:00:20:13.002576871 +051800] conn=115 op=127 RESULT err=0 tag=101 nentries=1
wtime=0.000129135 optime=0.000132157 etime=0.000259223
[29/Nov/2021:00:20:13.009244074 +051800] conn=115 op=128 SRCH
base="cn=changelog5,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[29/Nov/2021:00:20:13.009317634 +051800] conn=115 op=128 RESULT err=0 tag=101 nentries=1
wtime=0.006551066 optime=0.000074431 etime=0.006623728
[29/Nov/2021:00:23:00.464882257 +051800] conn=115 op=130 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[29/Nov/2021:00:23:00.465116506 +051800] conn=115 op=130 RESULT err=0 tag=101 nentries=1
wtime=0.000126890 optime=0.000240489 etime=0.000365735
[29/Nov/2021:00:23:00.466440118 +051800] conn=115 op=131 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="description"
[29/Nov/2021:00:23:00.466576783 +051800] conn=115 op=131 RESULT err=0 tag=101 nentries=1
wtime=0.001180880 optime=0.000138519 etime=0.001317885
[29/Nov/2021:00:23:00.468370294 +051800] conn=115 op=132 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[29/Nov/2021:00:23:00.468511671 +051800] conn=115 op=132 RESULT err=0 tag=101 nentries=1
wtime=0.001734410 optime=0.000142543 etime=0.001875509
[29/Nov/2021:00:23:02.902149366 +051800] conn=115 op=134 SRCH
base="cn=replication,cn=config" scope=2 filter="(objectClass=*)"
attrs=ALL
[29/Nov/2021:00:23:02.902319246 +051800] conn=115 op=134 RESULT err=0 tag=101 nentries=1
wtime=0.000088649 optime=0.000172709 etime=0.000259197
[29/Nov/2021:00:23:04.604228446 +051800] conn=115 op=135 MOD
dn="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config"
[29/Nov/2021:00:23:05.608721541 +051800] conn=115 op=135 RESULT err=0 tag=103 nentries=0
wtime=0.000076556 optime=1.004498094 etime=1.004572111
[29/Nov/2021:00:23:08.609188140 +051800] conn=115 op=136 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd
nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
[29/Nov/2021:00:23:08.609392599 +051800] conn=115 op=136 RESULT err=0 tag=101 nentries=1
wtime=0.000094326 optime=0.000208306 etime=0.000300676
4:56 p.m.
Hey mate,
On 29 Nov 2021, at 05:01, Dhivagar A <ssdhivagar(a)gmail.com>
wrote:
Hi,
Please find the your requested information.
The Synchronization Agreement:
DS Host: 389ds.ldapexample.com:389
Windows Host: server.adexample.com:389
DS Subtree: ou=People,dc=ldapexample,dc=com
Windows Subtree: dc=adexample,dc=com
Replicated subtree: dc=ldapexample,dc=com
we need to actually see the details of the entry in dse.ldif which contains the
objectclass "nsDSWindowsReplicationAgreement". You should remove the line
nsDS5ReplicaCredentials however.
PassSync service on the AD Server :
Hostname - 389ds.ldapexample.com
Port- 636
Username - cn=sync,cn=config
password - XXXXXXX
Search base - ou=People,dc=ldapexample,dc=com
Error log:
When mark mentioned the errorlog level for replication I think you need to change the
value 8192 which enables the extended logging we require.
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
8:18 p.m.
Hi,
I have removed the line "nsDS5ReplicaCredentials" from dse.ldif. After restart
the service.
Error log:
[29/Nov/2021:07:19:53.908626723 +051800] - INFO - main - 389-Directory/1.3.10.2
B2021.287.1227 starting up
[29/Nov/2021:07:19:53.908781373 +051800] - INFO - main - Setting the maximum file
descriptor limit to: 16384
[29/Nov/2021:07:19:58.015480108 +051800] - INFO - ldbm_instance_config_cachememsize_set -
force a minimal value 512000
[29/Nov/2021:07:19:58.021871694 +051800] - INFO - ldbm_instance_config_cachememsize_set -
force a minimal value 512000
[29/Nov/2021:07:19:58.027991820 +051800] - NOTICE - ldbm_back_start - found 3880196k
physical memory
[29/Nov/2021:07:19:58.028167643 +051800] - NOTICE - ldbm_back_start - found 3253888k
available
[29/Nov/2021:07:19:58.028307714 +051800] - NOTICE - ldbm_back_start - cache autosizing: db
cache: 97004k
[29/Nov/2021:07:19:58.028455119 +051800] - NOTICE - ldbm_back_start - cache autosizing:
userRoot entry cache (2 total): 131072k
[29/Nov/2021:07:19:58.029137403 +051800] - NOTICE - ldbm_back_start - cache autosizing:
userRoot dn cache (2 total): 65536k
[29/Nov/2021:07:19:58.029553007 +051800] - NOTICE - ldbm_back_start - cache autosizing:
NetscapeRoot entry cache (2 total): 131072k
[29/Nov/2021:07:19:58.030246904 +051800] - NOTICE - ldbm_back_start - cache autosizing:
NetscapeRoot dn cache (2 total): 65536k
[29/Nov/2021:07:19:58.030633784 +051800] - NOTICE - ldbm_back_start - total cache size:
482119597 B;
[29/Nov/2021:07:19:58.132875637 +051800] - ERR - NSMMReplicationPlugin - agmt_is_valid -
Replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" is malformed: a bind DN and password must be supplied for
authentication method "SIMPLE"
[29/Nov/2021:07:19:58.133160791 +051800] - ERR - NSMMReplicationPlugin -
agmt_new_from_entry - Failed to parse agreement, skipping.
[29/Nov/2021:07:19:58.140532467 +051800] - INFO - slapd_daemon - slapd started. Listening
on All Interfaces port 389 for LDAP requests
[29/Nov/2021:07:19:58.140777653 +051800] - INFO - slapd_daemon - Listening on All
Interfaces port 636 for LDAPS requests
[29/Nov/2021:07:22:08.139657332 +051800] - WARN - NSMMReplicationPlugin -
agmtlist_modify_callback - Received a modification for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:22:08.152614757 +051800] - WARN - NSMMReplicationPlugin -
agmtlist_modify_callback - Received a modification for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:23:43.481717340 +051800] - WARN - NSMMReplicationPlugin -
agmtlist_modify_callback - Received a modification for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:27:39.184573271 +051800] - WARN - NSMMReplicationPlugin -
agmtlist_modify_callback - Received a modification for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
Access log:
[29/Nov/2021:07:27:58.246409555 +051800] conn=3 op=1621504 SRCH
base="cn=replication,cn=config" scope=2 filter="(objectClass=*)"
attrs=ALL
[29/Nov/2021:07:27:58.246495268 +051800] conn=3 op=1621504 RESULT err=0 tag=101 nentries=1
wtime=0.000058722 optime=0.000087634 etime=0.000144687
[29/Nov/2021:07:27:58.246745817 +051800] conn=3 op=1621505 SRCH base="cn=mapping
tree,cn=config" scope=2
filter="(|(objectClass=nsDS5ReplicationAgreement)(objectClass=LDAPReplica)(objectClass=nsDSWindowsReplicationAgreement))"
attrs=ALL
[29/Nov/2021:07:27:58.246914678 +051800] conn=3 op=1621505 RESULT err=0 tag=101 nentries=1
wtime=0.000063352 optime=0.000170331 etime=0.000231855
[29/Nov/2021:07:27:58.247145331 +051800] conn=3 op=1621506 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd
nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
[29/Nov/2021:07:27:58.247227360 +051800] conn=3 op=1621506 RESULT err=0 tag=101 nentries=1
wtime=0.000051133 optime=0.000083721 etime=0.000133737
[29/Nov/2021:07:28:02.294754452 +051800] conn=3 op=1621507 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[29/Nov/2021:07:28:02.294925282 +051800] conn=3 op=1621507 RESULT err=0 tag=101 nentries=1
wtime=0.000079217 optime=0.000173837 etime=0.000251265
[29/Nov/2021:07:28:02.295800388 +051800] conn=3 op=1621508 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="description"
[29/Nov/2021:07:28:02.295898180 +051800] conn=3 op=1621508 RESULT err=0 tag=101 nentries=1
wtime=0.000807492 optime=0.000099189 etime=0.000905100
[29/Nov/2021:07:28:02.297138601 +051800] conn=3 op=1621509 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[29/Nov/2021:07:28:02.297229867 +051800] conn=3 op=1621509 RESULT err=0 tag=101 nentries=1
wtime=0.001202980 optime=0.000092490 etime=0.001293973
how to change the
value 8192 of logs.
8:40 p.m.
I'm sorry if what I said wasn't clear. You need to *send us* that entry from
dse.ldif so that we can look at it, but when you send that to us you need to remove that
line.
By removing this from dse.ldif you just broken your replication agreement, so you'll
need to re-add the credentials.
To set the log level you need to use the dsconf command to change nsslapd-errorlog-level.
On 29 Nov 2021, at 12:18, Dhivagar A <ssdhivagar(a)gmail.com>
wrote:
Hi,
I have removed the line "nsDS5ReplicaCredentials" from dse.ldif. After restart
the service.
Error log:
[29/Nov/2021:07:19:53.908626723 +051800] - INFO - main - 389-Directory/1.3.10.2
B2021.287.1227 starting up
[29/Nov/2021:07:19:53.908781373 +051800] - INFO - main - Setting the maximum file
descriptor limit to: 16384
[29/Nov/2021:07:19:58.015480108 +051800] - INFO - ldbm_instance_config_cachememsize_set -
force a minimal value 512000
[29/Nov/2021:07:19:58.021871694 +051800] - INFO - ldbm_instance_config_cachememsize_set -
force a minimal value 512000
[29/Nov/2021:07:19:58.027991820 +051800] - NOTICE - ldbm_back_start - found 3880196k
physical memory
[29/Nov/2021:07:19:58.028167643 +051800] - NOTICE - ldbm_back_start - found 3253888k
available
[29/Nov/2021:07:19:58.028307714 +051800] - NOTICE - ldbm_back_start - cache autosizing:
db cache: 97004k
[29/Nov/2021:07:19:58.028455119 +051800] - NOTICE - ldbm_back_start - cache autosizing:
userRoot entry cache (2 total): 131072k
[29/Nov/2021:07:19:58.029137403 +051800] - NOTICE - ldbm_back_start - cache autosizing:
userRoot dn cache (2 total): 65536k
[29/Nov/2021:07:19:58.029553007 +051800] - NOTICE - ldbm_back_start - cache autosizing:
NetscapeRoot entry cache (2 total): 131072k
[29/Nov/2021:07:19:58.030246904 +051800] - NOTICE - ldbm_back_start - cache autosizing:
NetscapeRoot dn cache (2 total): 65536k
[29/Nov/2021:07:19:58.030633784 +051800] - NOTICE - ldbm_back_start - total cache size:
482119597 B;
[29/Nov/2021:07:19:58.132875637 +051800] - ERR - NSMMReplicationPlugin - agmt_is_valid -
Replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" is malformed: a bind DN and password must be supplied for
authentication method "SIMPLE"
[29/Nov/2021:07:19:58.133160791 +051800] - ERR - NSMMReplicationPlugin -
agmt_new_from_entry - Failed to parse agreement, skipping.
[29/Nov/2021:07:19:58.140532467 +051800] - INFO - slapd_daemon - slapd started.
Listening on All Interfaces port 389 for LDAP requests
[29/Nov/2021:07:19:58.140777653 +051800] - INFO - slapd_daemon - Listening on All
Interfaces port 636 for LDAPS requests
[29/Nov/2021:07:22:08.139657332 +051800] - WARN - NSMMReplicationPlugin -
agmtlist_modify_callback - Received a modification for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:22:08.152614757 +051800] - WARN - NSMMReplicationPlugin -
agmtlist_modify_callback - Received a modification for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:23:43.481717340 +051800] - WARN - NSMMReplicationPlugin -
agmtlist_modify_callback - Received a modification for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:27:39.184573271 +051800] - WARN - NSMMReplicationPlugin -
agmtlist_modify_callback - Received a modification for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
Access log:
[29/Nov/2021:07:27:58.246409555 +051800] conn=3 op=1621504 SRCH
base="cn=replication,cn=config" scope=2 filter="(objectClass=*)"
attrs=ALL
[29/Nov/2021:07:27:58.246495268 +051800] conn=3 op=1621504 RESULT err=0 tag=101
nentries=1 wtime=0.000058722 optime=0.000087634 etime=0.000144687
[29/Nov/2021:07:27:58.246745817 +051800] conn=3 op=1621505 SRCH base="cn=mapping
tree,cn=config" scope=2
filter="(|(objectClass=nsDS5ReplicationAgreement)(objectClass=LDAPReplica)(objectClass=nsDSWindowsReplicationAgreement))"
attrs=ALL
[29/Nov/2021:07:27:58.246914678 +051800] conn=3 op=1621505 RESULT err=0 tag=101
nentries=1 wtime=0.000063352 optime=0.000170331 etime=0.000231855
[29/Nov/2021:07:27:58.247145331 +051800] conn=3 op=1621506 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd
nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
[29/Nov/2021:07:27:58.247227360 +051800] conn=3 op=1621506 RESULT err=0 tag=101
nentries=1 wtime=0.000051133 optime=0.000083721 etime=0.000133737
[29/Nov/2021:07:28:02.294754452 +051800] conn=3 op=1621507 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[29/Nov/2021:07:28:02.294925282 +051800] conn=3 op=1621507 RESULT err=0 tag=101
nentries=1 wtime=0.000079217 optime=0.000173837 etime=0.000251265
[29/Nov/2021:07:28:02.295800388 +051800] conn=3 op=1621508 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="description"
[29/Nov/2021:07:28:02.295898180 +051800] conn=3 op=1621508 RESULT err=0 tag=101
nentries=1 wtime=0.000807492 optime=0.000099189 etime=0.000905100
[29/Nov/2021:07:28:02.297138601 +051800] conn=3 op=1621509 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[29/Nov/2021:07:28:02.297229867 +051800] conn=3 op=1621509 RESULT err=0 tag=101
nentries=1 wtime=0.001202980 optime=0.000092490 etime=0.001293973
how to change the
value 8192 of logs.
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
9:20 p.m.
Hi Team,
Thanks for the clarification.
I have removed the entry from the dse.ldif file and attached it to this
email.
On Mon, Nov 29, 2021 at 8:10 AM William Brown <william.brown(a)suse.com>
wrote:
I'm sorry if what I said wasn't clear. You need to *send us*
that entry
from dse.ldif so that we can look at it, but when you send that to us you
need to remove that line.
By removing this from dse.ldif you just broken your replication agreement,
so you'll need to re-add the credentials.
To set the log level you need to use the dsconf command to change
nsslapd-errorlog-level.
> On 29 Nov 2021, at 12:18, Dhivagar A <ssdhivagar(a)gmail.com> wrote:
>
> Hi,
>
> I have removed the line "nsDS5ReplicaCredentials" from dse.ldif. After
restart the service.
>
> Error log:
>
> [29/Nov/2021:07:19:53.908626723 +051800] - INFO - main - 389-Directory/
1.3.10.2 B2021.287.1227 starting up
> [29/Nov/2021:07:19:53.908781373 +051800] - INFO - main - Setting the
maximum file descriptor limit to: 16384
> [29/Nov/2021:07:19:58.015480108 +051800] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> [29/Nov/2021:07:19:58.021871694 +051800] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> [29/Nov/2021:07:19:58.027991820 +051800] - NOTICE - ldbm_back_start -
found 3880196k physical memory
> [29/Nov/2021:07:19:58.028167643 +051800] - NOTICE - ldbm_back_start -
found 3253888k available
> [29/Nov/2021:07:19:58.028307714 +051800] - NOTICE - ldbm_back_start -
cache autosizing: db cache: 97004k
> [29/Nov/2021:07:19:58.028455119 +051800] - NOTICE - ldbm_back_start -
cache autosizing: userRoot entry cache (2 total): 131072k
> [29/Nov/2021:07:19:58.029137403 +051800] - NOTICE - ldbm_back_start -
cache autosizing: userRoot dn cache (2 total): 65536k
> [29/Nov/2021:07:19:58.029553007 +051800] - NOTICE - ldbm_back_start -
cache autosizing: NetscapeRoot entry cache (2 total): 131072k
> [29/Nov/2021:07:19:58.030246904 +051800] - NOTICE - ldbm_back_start -
cache autosizing: NetscapeRoot dn cache (2 total): 65536k
> [29/Nov/2021:07:19:58.030633784 +051800] - NOTICE - ldbm_back_start -
total cache size: 482119597 B;
> [29/Nov/2021:07:19:58.132875637 +051800] - ERR - NSMMReplicationPlugin -
agmt_is_valid - Replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" is malformed: a bind DN and password must be supplied for
authentication method "SIMPLE"
> [29/Nov/2021:07:19:58.133160791 +051800] - ERR - NSMMReplicationPlugin -
agmt_new_from_entry - Failed to parse agreement, skipping.
> [29/Nov/2021:07:19:58.140532467 +051800] - INFO - slapd_daemon - slapd
started. Listening on All Interfaces port 389 for LDAP requests
> [29/Nov/2021:07:19:58.140777653 +051800] - INFO - slapd_daemon -
Listening on All Interfaces port 636 for LDAPS requests
> [29/Nov/2021:07:22:08.139657332 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config"
> [29/Nov/2021:07:22:08.152614757 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config"
> [29/Nov/2021:07:23:43.481717340 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config"
> [29/Nov/2021:07:27:39.184573271 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config"
>
>
> Access log:
>
> [29/Nov/2021:07:27:58.246409555 +051800] conn=3 op=1621504 SRCH
base="cn=replication,cn=config" scope=2 filter="(objectClass=*)"
attrs=ALL
> [29/Nov/2021:07:27:58.246495268 +051800] conn=3 op=1621504 RESULT err=0
tag=101 nentries=1 wtime=0.000058722 optime=0.000087634 etime=0.000144687
> [29/Nov/2021:07:27:58.246745817 +051800] conn=3 op=1621505 SRCH
base="cn=mapping tree,cn=config" scope=2
filter="(|(objectClass=nsDS5ReplicationAgreement)(objectClass=LDAPReplica)(objectClass=nsDSWindowsReplicationAgreement))"
attrs=ALL
> [29/Nov/2021:07:27:58.246914678 +051800] conn=3 op=1621505 RESULT err=0
tag=101 nentries=1 wtime=0.000063352 optime=0.000170331 etime=0.000231855
> [29/Nov/2021:07:27:58.247145331 +051800] conn=3 op=1621506 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart
nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
> [29/Nov/2021:07:27:58.247227360 +051800] conn=3 op=1621506 RESULT err=0
tag=101 nentries=1 wtime=0.000051133 optime=0.000083721 etime=0.000133737
> [29/Nov/2021:07:28:02.294754452 +051800] conn=3 op=1621507 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
> [29/Nov/2021:07:28:02.294925282 +051800] conn=3 op=1621507 RESULT err=0
tag=101 nentries=1 wtime=0.000079217 optime=0.000173837 etime=0.000251265
> [29/Nov/2021:07:28:02.295800388 +051800] conn=3 op=1621508 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="description"
> [29/Nov/2021:07:28:02.295898180 +051800] conn=3 op=1621508 RESULT err=0
tag=101 nentries=1 wtime=0.000807492 optime=0.000099189 etime=0.000905100
> [29/Nov/2021:07:28:02.297138601 +051800] conn=3 op=1621509 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
> [29/Nov/2021:07:28:02.297229867 +051800] conn=3 op=1621509 RESULT err=0
tag=101 nentries=1 wtime=0.001202980 optime=0.000092490 etime=0.001293973
>
> how to change the
> value 8192 of logs.
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
9:22 p.m.
Hi Team,
Thanks for the clarification.
I have removed the entry from the dse.ldif file and attached it to this
email.
On Mon, Nov 29, 2021 at 8:10 AM William Brown <william.brown(a)suse.com>
wrote:
I'm sorry if what I said wasn't clear. You need to *send us*
that entry
from dse.ldif so that we can look at it, but when you send that to us you
need to remove that line.
By removing this from dse.ldif you just broken your replication agreement,
so you'll need to re-add the credentials.
To set the log level you need to use the dsconf command to change
nsslapd-errorlog-level.
> On 29 Nov 2021, at 12:18, Dhivagar A <ssdhivagar(a)gmail.com> wrote:
>
> Hi,
>
> I have removed the line "nsDS5ReplicaCredentials" from dse.ldif. After
restart the service.
>
> Error log:
>
> [29/Nov/2021:07:19:53.908626723 +051800] - INFO - main - 389-Directory/
1.3.10.2 B2021.287.1227 starting up
> [29/Nov/2021:07:19:53.908781373 +051800] - INFO - main - Setting the
maximum file descriptor limit to: 16384
> [29/Nov/2021:07:19:58.015480108 +051800] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> [29/Nov/2021:07:19:58.021871694 +051800] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> [29/Nov/2021:07:19:58.027991820 +051800] - NOTICE - ldbm_back_start -
found 3880196k physical memory
> [29/Nov/2021:07:19:58.028167643 +051800] - NOTICE - ldbm_back_start -
found 3253888k available
> [29/Nov/2021:07:19:58.028307714 +051800] - NOTICE - ldbm_back_start -
cache autosizing: db cache: 97004k
> [29/Nov/2021:07:19:58.028455119 +051800] - NOTICE - ldbm_back_start -
cache autosizing: userRoot entry cache (2 total): 131072k
> [29/Nov/2021:07:19:58.029137403 +051800] - NOTICE - ldbm_back_start -
cache autosizing: userRoot dn cache (2 total): 65536k
> [29/Nov/2021:07:19:58.029553007 +051800] - NOTICE - ldbm_back_start -
cache autosizing: NetscapeRoot entry cache (2 total): 131072k
> [29/Nov/2021:07:19:58.030246904 +051800] - NOTICE - ldbm_back_start -
cache autosizing: NetscapeRoot dn cache (2 total): 65536k
> [29/Nov/2021:07:19:58.030633784 +051800] - NOTICE - ldbm_back_start -
total cache size: 482119597 B;
> [29/Nov/2021:07:19:58.132875637 +051800] - ERR - NSMMReplicationPlugin -
agmt_is_valid - Replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" is malformed: a bind DN and password must be supplied for
authentication method "SIMPLE"
> [29/Nov/2021:07:19:58.133160791 +051800] - ERR - NSMMReplicationPlugin -
agmt_new_from_entry - Failed to parse agreement, skipping.
> [29/Nov/2021:07:19:58.140532467 +051800] - INFO - slapd_daemon - slapd
started. Listening on All Interfaces port 389 for LDAP requests
> [29/Nov/2021:07:19:58.140777653 +051800] - INFO - slapd_daemon -
Listening on All Interfaces port 636 for LDAPS requests
> [29/Nov/2021:07:22:08.139657332 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config"
> [29/Nov/2021:07:22:08.152614757 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config"
> [29/Nov/2021:07:23:43.481717340 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config"
> [29/Nov/2021:07:27:39.184573271 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config"
>
>
> Access log:
>
> [29/Nov/2021:07:27:58.246409555 +051800] conn=3 op=1621504 SRCH
base="cn=replication,cn=config" scope=2 filter="(objectClass=*)"
attrs=ALL
> [29/Nov/2021:07:27:58.246495268 +051800] conn=3 op=1621504 RESULT err=0
tag=101 nentries=1 wtime=0.000058722 optime=0.000087634 etime=0.000144687
> [29/Nov/2021:07:27:58.246745817 +051800] conn=3 op=1621505 SRCH
base="cn=mapping tree,cn=config" scope=2
filter="(|(objectClass=nsDS5ReplicationAgreement)(objectClass=LDAPReplica)(objectClass=nsDSWindowsReplicationAgreement))"
attrs=ALL
> [29/Nov/2021:07:27:58.246914678 +051800] conn=3 op=1621505 RESULT err=0
tag=101 nentries=1 wtime=0.000063352 optime=0.000170331 etime=0.000231855
> [29/Nov/2021:07:27:58.247145331 +051800] conn=3 op=1621506 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart
nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
> [29/Nov/2021:07:27:58.247227360 +051800] conn=3 op=1621506 RESULT err=0
tag=101 nentries=1 wtime=0.000051133 optime=0.000083721 etime=0.000133737
> [29/Nov/2021:07:28:02.294754452 +051800] conn=3 op=1621507 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
> [29/Nov/2021:07:28:02.294925282 +051800] conn=3 op=1621507 RESULT err=0
tag=101 nentries=1 wtime=0.000079217 optime=0.000173837 etime=0.000251265
> [29/Nov/2021:07:28:02.295800388 +051800] conn=3 op=1621508 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="description"
> [29/Nov/2021:07:28:02.295898180 +051800] conn=3 op=1621508 RESULT err=0
tag=101 nentries=1 wtime=0.000807492 optime=0.000099189 etime=0.000905100
> [29/Nov/2021:07:28:02.297138601 +051800] conn=3 op=1621509 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
> [29/Nov/2021:07:28:02.297229867 +051800] conn=3 op=1621509 RESULT err=0
tag=101 nentries=1 wtime=0.001202980 optime=0.000092490 etime=0.001293973
>
> how to change the
> value 8192 of logs.
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
9:35 p.m.
You only needed to send that one entry from dse.ldif! You just sent us the whole dse.ldif
with your nsslapd-rootpw hash, and your replication manager password.
You now need to assume these are all compromised, and you need to reset them all, on all
your directory servers. I'm sorry to tell you this ....
You also still haven't sent the nsslapd-errorlog-level in the config. You seem to be
really struggling here ...
On 29 Nov 2021, at 13:22, Dhivagar A <ssdhivagar(a)gmail.com>
wrote:
Hi Team,
Thanks for the clarification.
I have removed the entry from the dse.ldif file and attached it to this email.
On Mon, Nov 29, 2021 at 8:10 AM William Brown <william.brown(a)suse.com> wrote:
I'm sorry if what I said wasn't clear. You need to *send us* that entry from
dse.ldif so that we can look at it, but when you send that to us you need to remove that
line.
By removing this from dse.ldif you just broken your replication agreement, so you'll
need to re-add the credentials.
To set the log level you need to use the dsconf command to change nsslapd-errorlog-level.
> On 29 Nov 2021, at 12:18, Dhivagar A <ssdhivagar(a)gmail.com> wrote:
>
> Hi,
>
> I have removed the line "nsDS5ReplicaCredentials" from dse.ldif. After
restart the service.
>
> Error log:
>
> [29/Nov/2021:07:19:53.908626723 +051800] - INFO - main - 389-Directory/1.3.10.2
B2021.287.1227 starting up
> [29/Nov/2021:07:19:53.908781373 +051800] - INFO - main - Setting the maximum file
descriptor limit to: 16384
> [29/Nov/2021:07:19:58.015480108 +051800] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> [29/Nov/2021:07:19:58.021871694 +051800] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> [29/Nov/2021:07:19:58.027991820 +051800] - NOTICE - ldbm_back_start - found 3880196k
physical memory
> [29/Nov/2021:07:19:58.028167643 +051800] - NOTICE - ldbm_back_start - found 3253888k
available
> [29/Nov/2021:07:19:58.028307714 +051800] - NOTICE - ldbm_back_start - cache
autosizing: db cache: 97004k
> [29/Nov/2021:07:19:58.028455119 +051800] - NOTICE - ldbm_back_start - cache
autosizing: userRoot entry cache (2 total): 131072k
> [29/Nov/2021:07:19:58.029137403 +051800] - NOTICE - ldbm_back_start - cache
autosizing: userRoot dn cache (2 total): 65536k
> [29/Nov/2021:07:19:58.029553007 +051800] - NOTICE - ldbm_back_start - cache
autosizing: NetscapeRoot entry cache (2 total): 131072k
> [29/Nov/2021:07:19:58.030246904 +051800] - NOTICE - ldbm_back_start - cache
autosizing: NetscapeRoot dn cache (2 total): 65536k
> [29/Nov/2021:07:19:58.030633784 +051800] - NOTICE - ldbm_back_start - total cache
size: 482119597 B;
> [29/Nov/2021:07:19:58.132875637 +051800] - ERR - NSMMReplicationPlugin -
agmt_is_valid - Replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" is
malformed: a bind DN and password must be supplied for authentication method
"SIMPLE"
> [29/Nov/2021:07:19:58.133160791 +051800] - ERR - NSMMReplicationPlugin -
agmt_new_from_entry - Failed to parse agreement, skipping.
> [29/Nov/2021:07:19:58.140532467 +051800] - INFO - slapd_daemon - slapd started.
Listening on All Interfaces port 389 for LDAP requests
> [29/Nov/2021:07:19:58.140777653 +051800] - INFO - slapd_daemon - Listening on All
Interfaces port 636 for LDAPS requests
> [29/Nov/2021:07:22:08.139657332 +051800] - WARN - NSMMReplicationPlugin -
agmtlist_modify_callback - Received a modification for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
> [29/Nov/2021:07:22:08.152614757 +051800] - WARN - NSMMReplicationPlugin -
agmtlist_modify_callback - Received a modification for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
> [29/Nov/2021:07:23:43.481717340 +051800] - WARN - NSMMReplicationPlugin -
agmtlist_modify_callback - Received a modification for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
> [29/Nov/2021:07:27:39.184573271 +051800] - WARN - NSMMReplicationPlugin -
agmtlist_modify_callback - Received a modification for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
>
>
> Access log:
>
> [29/Nov/2021:07:27:58.246409555 +051800] conn=3 op=1621504 SRCH
base="cn=replication,cn=config" scope=2 filter="(objectClass=*)"
attrs=ALL
> [29/Nov/2021:07:27:58.246495268 +051800] conn=3 op=1621504 RESULT err=0 tag=101
nentries=1 wtime=0.000058722 optime=0.000087634 etime=0.000144687
> [29/Nov/2021:07:27:58.246745817 +051800] conn=3 op=1621505 SRCH
base="cn=mapping tree,cn=config" scope=2
filter="(|(objectClass=nsDS5ReplicationAgreement)(objectClass=LDAPReplica)(objectClass=nsDSWindowsReplicationAgreement))"
attrs=ALL
> [29/Nov/2021:07:27:58.246914678 +051800] conn=3 op=1621505 RESULT err=0 tag=101
nentries=1 wtime=0.000063352 optime=0.000170331 etime=0.000231855
> [29/Nov/2021:07:27:58.247145331 +051800] conn=3 op=1621506 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd
nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
> [29/Nov/2021:07:27:58.247227360 +051800] conn=3 op=1621506 RESULT err=0 tag=101
nentries=1 wtime=0.000051133 optime=0.000083721 etime=0.000133737
> [29/Nov/2021:07:28:02.294754452 +051800] conn=3 op=1621507 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
> [29/Nov/2021:07:28:02.294925282 +051800] conn=3 op=1621507 RESULT err=0 tag=101
nentries=1 wtime=0.000079217 optime=0.000173837 etime=0.000251265
> [29/Nov/2021:07:28:02.295800388 +051800] conn=3 op=1621508 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="description"
> [29/Nov/2021:07:28:02.295898180 +051800] conn=3 op=1621508 RESULT err=0 tag=101
nentries=1 wtime=0.000807492 optime=0.000099189 etime=0.000905100
> [29/Nov/2021:07:28:02.297138601 +051800] conn=3 op=1621509 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
> [29/Nov/2021:07:28:02.297229867 +051800] conn=3 op=1621509 RESULT err=0 tag=101
nentries=1 wtime=0.001202980 optime=0.000092490 etime=0.001293973
>
> how to change the
> value 8192 of logs.
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
<dse.zip>_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
11:18 p.m.
Hi,
I have attached nsslapd-errorlog. Please check and let me know.
On Mon, Nov 29, 2021 at 9:06 AM William Brown <william.brown(a)suse.com>
wrote:
You only needed to send that one entry from dse.ldif! You just sent
us the
whole dse.ldif with your nsslapd-rootpw hash, and your replication manager
password.
You now need to assume these are all compromised, and you need to reset
them all, on all your directory servers. I'm sorry to tell you this ....
You also still haven't sent the nsslapd-errorlog-level in the config. You
seem to be really struggling here ...
> On 29 Nov 2021, at 13:22, Dhivagar A <ssdhivagar(a)gmail.com> wrote:
>
> Hi Team,
>
> Thanks for the clarification.
>
> I have removed the entry from the dse.ldif file and attached it to this
email.
>
> On Mon, Nov 29, 2021 at 8:10 AM William Brown <william.brown(a)suse.com>
wrote:
> I'm sorry if what I said wasn't clear. You need to *send us* that entry
from dse.ldif so that we can look at it, but when you send that to us you
need to remove that line.
>
> By removing this from dse.ldif you just broken your replication
agreement, so you'll need to re-add the credentials.
>
>
> To set the log level you need to use the dsconf command to change
nsslapd-errorlog-level.
>
> > On 29 Nov 2021, at 12:18, Dhivagar A <ssdhivagar(a)gmail.com> wrote:
> >
> > Hi,
> >
> > I have removed the line "nsDS5ReplicaCredentials" from dse.ldif.
After
restart the service.
> >
> > Error log:
> >
> > [29/Nov/2021:07:19:53.908626723 +051800] - INFO - main - 389-Directory/
1.3.10.2 B2021.287.1227 starting up
> > [29/Nov/2021:07:19:53.908781373 +051800] - INFO - main - Setting the
maximum file descriptor limit to: 16384
> > [29/Nov/2021:07:19:58.015480108 +051800] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > [29/Nov/2021:07:19:58.021871694 +051800] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
> > [29/Nov/2021:07:19:58.027991820 +051800] - NOTICE - ldbm_back_start -
found 3880196k physical memory
> > [29/Nov/2021:07:19:58.028167643 +051800] - NOTICE - ldbm_back_start -
found 3253888k available
> > [29/Nov/2021:07:19:58.028307714 +051800] - NOTICE - ldbm_back_start -
cache autosizing: db cache: 97004k
> > [29/Nov/2021:07:19:58.028455119 +051800] - NOTICE - ldbm_back_start -
cache autosizing: userRoot entry cache (2 total): 131072k
> > [29/Nov/2021:07:19:58.029137403 +051800] - NOTICE - ldbm_back_start -
cache autosizing: userRoot dn cache (2 total): 65536k
> > [29/Nov/2021:07:19:58.029553007 +051800] - NOTICE - ldbm_back_start -
cache autosizing: NetscapeRoot entry cache (2 total): 131072k
> > [29/Nov/2021:07:19:58.030246904 +051800] - NOTICE - ldbm_back_start -
cache autosizing: NetscapeRoot dn cache (2 total): 65536k
> > [29/Nov/2021:07:19:58.030633784 +051800] - NOTICE - ldbm_back_start -
total cache size: 482119597 B;
> > [29/Nov/2021:07:19:58.132875637 +051800] - ERR - NSMMReplicationPlugin
- agmt_is_valid - Replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" is malformed: a bind DN and password must be supplied for
authentication method "SIMPLE"
> > [29/Nov/2021:07:19:58.133160791 +051800] - ERR - NSMMReplicationPlugin
- agmt_new_from_entry - Failed to parse agreement, skipping.
> > [29/Nov/2021:07:19:58.140532467 +051800] - INFO - slapd_daemon - slapd
started. Listening on All Interfaces port 389 for LDAP requests
> > [29/Nov/2021:07:19:58.140777653 +051800] - INFO - slapd_daemon -
Listening on All Interfaces port 636 for LDAPS requests
> > [29/Nov/2021:07:22:08.139657332 +051800] - WARN -
NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification
for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config"
> > [29/Nov/2021:07:22:08.152614757 +051800] - WARN -
NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification
for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config"
> > [29/Nov/2021:07:23:43.481717340 +051800] - WARN -
NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification
for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config"
> > [29/Nov/2021:07:27:39.184573271 +051800] - WARN -
NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification
for unknown replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config"
> >
> >
> > Access log:
> >
> > [29/Nov/2021:07:27:58.246409555 +051800] conn=3 op=1621504 SRCH
base="cn=replication,cn=config" scope=2 filter="(objectClass=*)"
attrs=ALL
> > [29/Nov/2021:07:27:58.246495268 +051800] conn=3 op=1621504 RESULT
err=0 tag=101 nentries=1 wtime=0.000058722 optime=0.000087634
etime=0.000144687
> > [29/Nov/2021:07:27:58.246745817 +051800] conn=3 op=1621505 SRCH
base="cn=mapping tree,cn=config" scope=2
filter="(|(objectClass=nsDS5ReplicationAgreement)(objectClass=LDAPReplica)(objectClass=nsDSWindowsReplicationAgreement))"
attrs=ALL
> > [29/Nov/2021:07:27:58.246914678 +051800] conn=3 op=1621505 RESULT
err=0 tag=101 nentries=1 wtime=0.000063352 optime=0.000170331
etime=0.000231855
> > [29/Nov/2021:07:27:58.247145331 +051800] conn=3 op=1621506 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd
nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus
nsds5replicaUpdateInProgress nsds5replicaLastInitStart
nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
> > [29/Nov/2021:07:27:58.247227360 +051800] conn=3 op=1621506 RESULT
err=0 tag=101 nentries=1 wtime=0.000051133 optime=0.000083721
etime=0.000133737
> > [29/Nov/2021:07:28:02.294754452 +051800] conn=3 op=1621507 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
> > [29/Nov/2021:07:28:02.294925282 +051800] conn=3 op=1621507 RESULT
err=0 tag=101 nentries=1 wtime=0.000079217 optime=0.000173837
etime=0.000251265
> > [29/Nov/2021:07:28:02.295800388 +051800] conn=3 op=1621508 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))"
attrs="description"
> > [29/Nov/2021:07:28:02.295898180 +051800] conn=3 op=1621508 RESULT
err=0 tag=101 nentries=1 wtime=0.000807492 optime=0.000099189
etime=0.000905100
> > [29/Nov/2021:07:28:02.297138601 +051800] conn=3 op=1621509 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping
tree,cn=config" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
> > [29/Nov/2021:07:28:02.297229867 +051800] conn=3 op=1621509 RESULT
err=0 tag=101 nentries=1 wtime=0.001202980 optime=0.000092490
etime=0.001293973
> >
> > how to change the
> > value 8192 of logs.
> > _______________________________________________
> > 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> > To unsubscribe send an email to
389-users-leave(a)lists.fedoraproject.org
> > Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
> > Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
>
> --
> Sincerely,
>
> William Brown
>
> Senior Software Engineer, Identity and Access Management
> SUSE Labs, Australia
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
> <dse.zip>_______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
11:28 p.m.
[29/Nov/2021:09:55:42.952792892 +051800] - DEBUG - NSMMReplicationPlugin - windows sync -
windows_conn_get_search_result - Received entry from dirsync: CN=test
1,CN=Users,DC=adexample,DC=com
[29/Nov/2021:09:55:42.953089957 +051800] - DEBUG - NSMMReplicationPlugin - windows sync -
map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Looking for local entry
matching AD entry [CN=test 1,CN=Users,DC=adexample,DC=com]
[29/Nov/2021:09:55:42.953252595 +051800] - DEBUG - NSMMReplicationPlugin - windows sync -
map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Looking for local entry by
guid [bae6a306ab62554ba263f5c4ccdbdf8f]
[29/Nov/2021:09:55:42.953467735 +051800] - DEBUG - NSMMReplicationPlugin - windows sync -
map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Problem looking for guid:
-1
[29/Nov/2021:09:55:42.953629617 +051800] - DEBUG - NSMMReplicationPlugin - windows sync -
map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Looking for local entry by
uid [test1]
[29/Nov/2021:09:55:42.953823325 +051800] - DEBUG - NSMMReplicationPlugin - windows sync -
map_entry_dn_inbound - agmt="cn=winsync" (172:389) - problem looking for
username: -1
[29/Nov/2021:09:55:42.954061023 +051800] - DEBUG - NSMMReplicationPlugin - windows sync -
windows_process_dirsync_entry - agmt="cn=winsync" (172:389) - Not allowed to add
entry CN=test 1,CN=Users,DC=adexample,DC=com.
We'll need to see the content of the entry from AD "CN=test
1,CN=Users,DC=adexample,DC=com"
On 29 Nov 2021, at 15:18, Dhivagar A <ssdhivagar(a)gmail.com>
wrote:
_______________________________________________
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
11:50 p.m.
Hi,
I have attached the "CN=test 1,CN=Users,DC=adexample,DC=com" user
information. Please check and update.
On Mon, Nov 29, 2021 at 10:59 AM William Brown <william.brown(a)suse.com>
wrote:
[29/Nov/2021:09:55:42.952792892 +051800] - DEBUG - NSMMReplicationPlugin -
windows sync - windows_conn_get_search_result - Received entry from
dirsync: CN=test 1,CN=Users,DC=adexample,DC=com
[29/Nov/2021:09:55:42.953089957 +051800] - DEBUG - NSMMReplicationPlugin -
windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Looking
for local entry matching AD entry [CN=test 1,CN=Users,DC=adexample,DC=com]
[29/Nov/2021:09:55:42.953252595 +051800] - DEBUG - NSMMReplicationPlugin -
windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Looking
for local entry by guid [bae6a306ab62554ba263f5c4ccdbdf8f]
[29/Nov/2021:09:55:42.953467735 +051800] - DEBUG - NSMMReplicationPlugin -
windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Problem
looking for guid: -1
[29/Nov/2021:09:55:42.953629617 +051800] - DEBUG - NSMMReplicationPlugin -
windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Looking
for local entry by uid [test1]
[29/Nov/2021:09:55:42.953823325 +051800] - DEBUG - NSMMReplicationPlugin -
windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - problem
looking for username: -1
[29/Nov/2021:09:55:42.954061023 +051800] - DEBUG - NSMMReplicationPlugin -
windows sync - windows_process_dirsync_entry - agmt="cn=winsync" (172:389)
- Not allowed to add entry CN=test 1,CN=Users,DC=adexample,DC=com.
We'll need to see the content of the entry from AD "CN=test
1,CN=Users,DC=adexample,DC=com"
> On 29 Nov 2021, at 15:18, Dhivagar A <ssdhivagar(a)gmail.com> wrote:
>
> _______________________________________________
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
873
days inactive
874
days old
389-users@lists.fedoraproject.org
11 comments
3 participants
participants (3)
-
Dhivagar A -
Mark Reynolds -
William Brown