Hi team,
I want to sync user and password from Windows 2019 to 389ds one way sync, I have configured the OnewaySync. But not working. This is the error log for your reference.
Error log:
WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=winsync" (172:389): Replica has no update vector. It has never been initialized. ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=winsync" (172:389)". ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Finished total update of replica "agmt="cn=winsync" (172:389)". Sent 0 entries.
This is not enough info to diagnosis the issue. Please provide the replication agreement, and enable replication logging. Then attempt the reinit again, and provide all of that logging. Note you must use StartTLS or LDAPS/TLS as the agreement connection protocol or else dirsync will not accept the connection on the AD side, and it will not sync any entries (which is what this looks like right now)...
On 11/28/21 9:42 AM, Dhivagar A wrote:
Hi team,
I want to sync user and password from Windows 2019 to 389ds one way sync, I have configured the OnewaySync. But not working. This is the error log for your reference.
Error log:
WARN - NSMMReplicationPlugin - windows sync - windows_inc_run - agmt="cn=winsync" (172:389): Replica has no update vector. It has never been initialized. ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=winsync" (172:389)". ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Finished total update of replica "agmt="cn=winsync" (172:389)". Sent 0 entries. _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Hi,
Please find the your requested information.
The Synchronization Agreement:
DS Host: 389ds.ldapexample.com:389 Windows Host: server.adexample.com:389 DS Subtree: ou=People,dc=ldapexample,dc=com Windows Subtree: dc=adexample,dc=com Replicated subtree: dc=ldapexample,dc=com
PassSync service on the AD Server :
Hostname - 389ds.ldapexample.com Port- 636 Username - cn=sync,cn=config password - XXXXXXX Search base - ou=People,dc=ldapexample,dc=com
Error log:
[29/Nov/2021:00:23:05.608343706 +051800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Beginning total update of replica "agmt="cn=winsync" (172:389)". [29/Nov/2021:00:23:05.784338132 +051800] - ERR - NSMMReplicationPlugin - windows sync - windows_tot_run - Finished total update of replica "agmt="cn=winsync" (172:389)". Sent 0 entries.
Access log:
389-Directory/1.3.10.2 B2021.287.1227 389ds.ldapexample.com:636 (/etc/dirsrv/slapd-server)
[29/Nov/2021:00:20:13.002450431 +051800] conn=115 op=127 SRCH base="cn=changelog5,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL [29/Nov/2021:00:20:13.002576871 +051800] conn=115 op=127 RESULT err=0 tag=101 nentries=1 wtime=0.000129135 optime=0.000132157 etime=0.000259223 [29/Nov/2021:00:20:13.009244074 +051800] conn=115 op=128 SRCH base="cn=changelog5,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL [29/Nov/2021:00:20:13.009317634 +051800] conn=115 op=128 RESULT err=0 tag=101 nentries=1 wtime=0.006551066 optime=0.000074431 etime=0.006623728 [29/Nov/2021:00:23:00.464882257 +051800] conn=115 op=130 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL [29/Nov/2021:00:23:00.465116506 +051800] conn=115 op=130 RESULT err=0 tag=101 nentries=1 wtime=0.000126890 optime=0.000240489 etime=0.000365735 [29/Nov/2021:00:23:00.466440118 +051800] conn=115 op=131 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="description" [29/Nov/2021:00:23:00.466576783 +051800] conn=115 op=131 RESULT err=0 tag=101 nentries=1 wtime=0.001180880 optime=0.000138519 etime=0.001317885 [29/Nov/2021:00:23:00.468370294 +051800] conn=115 op=132 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL [29/Nov/2021:00:23:00.468511671 +051800] conn=115 op=132 RESULT err=0 tag=101 nentries=1 wtime=0.001734410 optime=0.000142543 etime=0.001875509 [29/Nov/2021:00:23:02.902149366 +051800] conn=115 op=134 SRCH base="cn=replication,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL [29/Nov/2021:00:23:02.902319246 +051800] conn=115 op=134 RESULT err=0 tag=101 nentries=1 wtime=0.000088649 optime=0.000172709 etime=0.000259197 [29/Nov/2021:00:23:04.604228446 +051800] conn=115 op=135 MOD dn="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" [29/Nov/2021:00:23:05.608721541 +051800] conn=115 op=135 RESULT err=0 tag=103 nentries=0 wtime=0.000076556 optime=1.004498094 etime=1.004572111 [29/Nov/2021:00:23:08.609188140 +051800] conn=115 op=136 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [29/Nov/2021:00:23:08.609392599 +051800] conn=115 op=136 RESULT err=0 tag=101 nentries=1 wtime=0.000094326 optime=0.000208306 etime=0.000300676
Hey mate,
On 29 Nov 2021, at 05:01, Dhivagar A ssdhivagar@gmail.com wrote:
Hi,
Please find the your requested information.
The Synchronization Agreement:
DS Host: 389ds.ldapexample.com:389 Windows Host: server.adexample.com:389 DS Subtree: ou=People,dc=ldapexample,dc=com Windows Subtree: dc=adexample,dc=com Replicated subtree: dc=ldapexample,dc=com
we need to actually see the details of the entry in dse.ldif which contains the objectclass "nsDSWindowsReplicationAgreement". You should remove the line nsDS5ReplicaCredentials however.
PassSync service on the AD Server :
Hostname - 389ds.ldapexample.com Port- 636 Username - cn=sync,cn=config password - XXXXXXX Search base - ou=People,dc=ldapexample,dc=com
Error log:
When mark mentioned the errorlog level for replication I think you need to change the value 8192 which enables the extended logging we require.
-- Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management SUSE Labs, Australia
Hi,
I have removed the line "nsDS5ReplicaCredentials" from dse.ldif. After restart the service.
Error log:
[29/Nov/2021:07:19:53.908626723 +051800] - INFO - main - 389-Directory/1.3.10.2 B2021.287.1227 starting up [29/Nov/2021:07:19:53.908781373 +051800] - INFO - main - Setting the maximum file descriptor limit to: 16384 [29/Nov/2021:07:19:58.015480108 +051800] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [29/Nov/2021:07:19:58.021871694 +051800] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [29/Nov/2021:07:19:58.027991820 +051800] - NOTICE - ldbm_back_start - found 3880196k physical memory [29/Nov/2021:07:19:58.028167643 +051800] - NOTICE - ldbm_back_start - found 3253888k available [29/Nov/2021:07:19:58.028307714 +051800] - NOTICE - ldbm_back_start - cache autosizing: db cache: 97004k [29/Nov/2021:07:19:58.028455119 +051800] - NOTICE - ldbm_back_start - cache autosizing: userRoot entry cache (2 total): 131072k [29/Nov/2021:07:19:58.029137403 +051800] - NOTICE - ldbm_back_start - cache autosizing: userRoot dn cache (2 total): 65536k [29/Nov/2021:07:19:58.029553007 +051800] - NOTICE - ldbm_back_start - cache autosizing: NetscapeRoot entry cache (2 total): 131072k [29/Nov/2021:07:19:58.030246904 +051800] - NOTICE - ldbm_back_start - cache autosizing: NetscapeRoot dn cache (2 total): 65536k [29/Nov/2021:07:19:58.030633784 +051800] - NOTICE - ldbm_back_start - total cache size: 482119597 B; [29/Nov/2021:07:19:58.132875637 +051800] - ERR - NSMMReplicationPlugin - agmt_is_valid - Replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" is malformed: a bind DN and password must be supplied for authentication method "SIMPLE" [29/Nov/2021:07:19:58.133160791 +051800] - ERR - NSMMReplicationPlugin - agmt_new_from_entry - Failed to parse agreement, skipping. [29/Nov/2021:07:19:58.140532467 +051800] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests [29/Nov/2021:07:19:58.140777653 +051800] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests [29/Nov/2021:07:22:08.139657332 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" [29/Nov/2021:07:22:08.152614757 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" [29/Nov/2021:07:23:43.481717340 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" [29/Nov/2021:07:27:39.184573271 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
Access log:
[29/Nov/2021:07:27:58.246409555 +051800] conn=3 op=1621504 SRCH base="cn=replication,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL [29/Nov/2021:07:27:58.246495268 +051800] conn=3 op=1621504 RESULT err=0 tag=101 nentries=1 wtime=0.000058722 optime=0.000087634 etime=0.000144687 [29/Nov/2021:07:27:58.246745817 +051800] conn=3 op=1621505 SRCH base="cn=mapping tree,cn=config" scope=2 filter="(|(objectClass=nsDS5ReplicationAgreement)(objectClass=LDAPReplica)(objectClass=nsDSWindowsReplicationAgreement))" attrs=ALL [29/Nov/2021:07:27:58.246914678 +051800] conn=3 op=1621505 RESULT err=0 tag=101 nentries=1 wtime=0.000063352 optime=0.000170331 etime=0.000231855 [29/Nov/2021:07:27:58.247145331 +051800] conn=3 op=1621506 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [29/Nov/2021:07:27:58.247227360 +051800] conn=3 op=1621506 RESULT err=0 tag=101 nentries=1 wtime=0.000051133 optime=0.000083721 etime=0.000133737 [29/Nov/2021:07:28:02.294754452 +051800] conn=3 op=1621507 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL [29/Nov/2021:07:28:02.294925282 +051800] conn=3 op=1621507 RESULT err=0 tag=101 nentries=1 wtime=0.000079217 optime=0.000173837 etime=0.000251265 [29/Nov/2021:07:28:02.295800388 +051800] conn=3 op=1621508 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="description" [29/Nov/2021:07:28:02.295898180 +051800] conn=3 op=1621508 RESULT err=0 tag=101 nentries=1 wtime=0.000807492 optime=0.000099189 etime=0.000905100 [29/Nov/2021:07:28:02.297138601 +051800] conn=3 op=1621509 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL [29/Nov/2021:07:28:02.297229867 +051800] conn=3 op=1621509 RESULT err=0 tag=101 nentries=1 wtime=0.001202980 optime=0.000092490 etime=0.001293973
how to change the value 8192 of logs.
I'm sorry if what I said wasn't clear. You need to *send us* that entry from dse.ldif so that we can look at it, but when you send that to us you need to remove that line.
By removing this from dse.ldif you just broken your replication agreement, so you'll need to re-add the credentials.
To set the log level you need to use the dsconf command to change nsslapd-errorlog-level.
On 29 Nov 2021, at 12:18, Dhivagar A ssdhivagar@gmail.com wrote:
Hi,
I have removed the line "nsDS5ReplicaCredentials" from dse.ldif. After restart the service.
Error log:
[29/Nov/2021:07:19:53.908626723 +051800] - INFO - main - 389-Directory/1.3.10.2 B2021.287.1227 starting up [29/Nov/2021:07:19:53.908781373 +051800] - INFO - main - Setting the maximum file descriptor limit to: 16384 [29/Nov/2021:07:19:58.015480108 +051800] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [29/Nov/2021:07:19:58.021871694 +051800] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [29/Nov/2021:07:19:58.027991820 +051800] - NOTICE - ldbm_back_start - found 3880196k physical memory [29/Nov/2021:07:19:58.028167643 +051800] - NOTICE - ldbm_back_start - found 3253888k available [29/Nov/2021:07:19:58.028307714 +051800] - NOTICE - ldbm_back_start - cache autosizing: db cache: 97004k [29/Nov/2021:07:19:58.028455119 +051800] - NOTICE - ldbm_back_start - cache autosizing: userRoot entry cache (2 total): 131072k [29/Nov/2021:07:19:58.029137403 +051800] - NOTICE - ldbm_back_start - cache autosizing: userRoot dn cache (2 total): 65536k [29/Nov/2021:07:19:58.029553007 +051800] - NOTICE - ldbm_back_start - cache autosizing: NetscapeRoot entry cache (2 total): 131072k [29/Nov/2021:07:19:58.030246904 +051800] - NOTICE - ldbm_back_start - cache autosizing: NetscapeRoot dn cache (2 total): 65536k [29/Nov/2021:07:19:58.030633784 +051800] - NOTICE - ldbm_back_start - total cache size: 482119597 B; [29/Nov/2021:07:19:58.132875637 +051800] - ERR - NSMMReplicationPlugin - agmt_is_valid - Replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" is malformed: a bind DN and password must be supplied for authentication method "SIMPLE" [29/Nov/2021:07:19:58.133160791 +051800] - ERR - NSMMReplicationPlugin - agmt_new_from_entry - Failed to parse agreement, skipping. [29/Nov/2021:07:19:58.140532467 +051800] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests [29/Nov/2021:07:19:58.140777653 +051800] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests [29/Nov/2021:07:22:08.139657332 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" [29/Nov/2021:07:22:08.152614757 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" [29/Nov/2021:07:23:43.481717340 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" [29/Nov/2021:07:27:39.184573271 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
Access log:
[29/Nov/2021:07:27:58.246409555 +051800] conn=3 op=1621504 SRCH base="cn=replication,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL [29/Nov/2021:07:27:58.246495268 +051800] conn=3 op=1621504 RESULT err=0 tag=101 nentries=1 wtime=0.000058722 optime=0.000087634 etime=0.000144687 [29/Nov/2021:07:27:58.246745817 +051800] conn=3 op=1621505 SRCH base="cn=mapping tree,cn=config" scope=2 filter="(|(objectClass=nsDS5ReplicationAgreement)(objectClass=LDAPReplica)(objectClass=nsDSWindowsReplicationAgreement))" attrs=ALL [29/Nov/2021:07:27:58.246914678 +051800] conn=3 op=1621505 RESULT err=0 tag=101 nentries=1 wtime=0.000063352 optime=0.000170331 etime=0.000231855 [29/Nov/2021:07:27:58.247145331 +051800] conn=3 op=1621506 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [29/Nov/2021:07:27:58.247227360 +051800] conn=3 op=1621506 RESULT err=0 tag=101 nentries=1 wtime=0.000051133 optime=0.000083721 etime=0.000133737 [29/Nov/2021:07:28:02.294754452 +051800] conn=3 op=1621507 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL [29/Nov/2021:07:28:02.294925282 +051800] conn=3 op=1621507 RESULT err=0 tag=101 nentries=1 wtime=0.000079217 optime=0.000173837 etime=0.000251265 [29/Nov/2021:07:28:02.295800388 +051800] conn=3 op=1621508 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="description" [29/Nov/2021:07:28:02.295898180 +051800] conn=3 op=1621508 RESULT err=0 tag=101 nentries=1 wtime=0.000807492 optime=0.000099189 etime=0.000905100 [29/Nov/2021:07:28:02.297138601 +051800] conn=3 op=1621509 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL [29/Nov/2021:07:28:02.297229867 +051800] conn=3 op=1621509 RESULT err=0 tag=101 nentries=1 wtime=0.001202980 optime=0.000092490 etime=0.001293973
how to change the value 8192 of logs. _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
-- Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management SUSE Labs, Australia
Hi Team,
Thanks for the clarification.
I have removed the entry from the dse.ldif file and attached it to this email.
On Mon, Nov 29, 2021 at 8:10 AM William Brown william.brown@suse.com wrote:
I'm sorry if what I said wasn't clear. You need to *send us* that entry from dse.ldif so that we can look at it, but when you send that to us you need to remove that line.
By removing this from dse.ldif you just broken your replication agreement, so you'll need to re-add the credentials.
To set the log level you need to use the dsconf command to change nsslapd-errorlog-level.
On 29 Nov 2021, at 12:18, Dhivagar A ssdhivagar@gmail.com wrote:
Hi,
I have removed the line "nsDS5ReplicaCredentials" from dse.ldif. After
restart the service.
Error log:
[29/Nov/2021:07:19:53.908626723 +051800] - INFO - main - 389-Directory/
1.3.10.2 B2021.287.1227 starting up
[29/Nov/2021:07:19:53.908781373 +051800] - INFO - main - Setting the
maximum file descriptor limit to: 16384
[29/Nov/2021:07:19:58.015480108 +051800] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
[29/Nov/2021:07:19:58.021871694 +051800] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
[29/Nov/2021:07:19:58.027991820 +051800] - NOTICE - ldbm_back_start -
found 3880196k physical memory
[29/Nov/2021:07:19:58.028167643 +051800] - NOTICE - ldbm_back_start -
found 3253888k available
[29/Nov/2021:07:19:58.028307714 +051800] - NOTICE - ldbm_back_start -
cache autosizing: db cache: 97004k
[29/Nov/2021:07:19:58.028455119 +051800] - NOTICE - ldbm_back_start -
cache autosizing: userRoot entry cache (2 total): 131072k
[29/Nov/2021:07:19:58.029137403 +051800] - NOTICE - ldbm_back_start -
cache autosizing: userRoot dn cache (2 total): 65536k
[29/Nov/2021:07:19:58.029553007 +051800] - NOTICE - ldbm_back_start -
cache autosizing: NetscapeRoot entry cache (2 total): 131072k
[29/Nov/2021:07:19:58.030246904 +051800] - NOTICE - ldbm_back_start -
cache autosizing: NetscapeRoot dn cache (2 total): 65536k
[29/Nov/2021:07:19:58.030633784 +051800] - NOTICE - ldbm_back_start -
total cache size: 482119597 B;
[29/Nov/2021:07:19:58.132875637 +051800] - ERR - NSMMReplicationPlugin -
agmt_is_valid - Replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" is malformed: a bind DN and password must be supplied for authentication method "SIMPLE"
[29/Nov/2021:07:19:58.133160791 +051800] - ERR - NSMMReplicationPlugin -
agmt_new_from_entry - Failed to parse agreement, skipping.
[29/Nov/2021:07:19:58.140532467 +051800] - INFO - slapd_daemon - slapd
started. Listening on All Interfaces port 389 for LDAP requests
[29/Nov/2021:07:19:58.140777653 +051800] - INFO - slapd_daemon -
Listening on All Interfaces port 636 for LDAPS requests
[29/Nov/2021:07:22:08.139657332 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:22:08.152614757 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:23:43.481717340 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:27:39.184573271 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
Access log:
[29/Nov/2021:07:27:58.246409555 +051800] conn=3 op=1621504 SRCH
base="cn=replication,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL
[29/Nov/2021:07:27:58.246495268 +051800] conn=3 op=1621504 RESULT err=0
tag=101 nentries=1 wtime=0.000058722 optime=0.000087634 etime=0.000144687
[29/Nov/2021:07:27:58.246745817 +051800] conn=3 op=1621505 SRCH
base="cn=mapping tree,cn=config" scope=2 filter="(|(objectClass=nsDS5ReplicationAgreement)(objectClass=LDAPReplica)(objectClass=nsDSWindowsReplicationAgreement))" attrs=ALL
[29/Nov/2021:07:27:58.246914678 +051800] conn=3 op=1621505 RESULT err=0
tag=101 nentries=1 wtime=0.000063352 optime=0.000170331 etime=0.000231855
[29/Nov/2021:07:27:58.247145331 +051800] conn=3 op=1621506 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
[29/Nov/2021:07:27:58.247227360 +051800] conn=3 op=1621506 RESULT err=0
tag=101 nentries=1 wtime=0.000051133 optime=0.000083721 etime=0.000133737
[29/Nov/2021:07:28:02.294754452 +051800] conn=3 op=1621507 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[29/Nov/2021:07:28:02.294925282 +051800] conn=3 op=1621507 RESULT err=0
tag=101 nentries=1 wtime=0.000079217 optime=0.000173837 etime=0.000251265
[29/Nov/2021:07:28:02.295800388 +051800] conn=3 op=1621508 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="description"
[29/Nov/2021:07:28:02.295898180 +051800] conn=3 op=1621508 RESULT err=0
tag=101 nentries=1 wtime=0.000807492 optime=0.000099189 etime=0.000905100
[29/Nov/2021:07:28:02.297138601 +051800] conn=3 op=1621509 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[29/Nov/2021:07:28:02.297229867 +051800] conn=3 op=1621509 RESULT err=0
tag=101 nentries=1 wtime=0.001202980 optime=0.000092490 etime=0.001293973
how to change the value 8192 of logs. _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
-- Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management SUSE Labs, Australia _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Hi Team,
Thanks for the clarification.
I have removed the entry from the dse.ldif file and attached it to this email.
On Mon, Nov 29, 2021 at 8:10 AM William Brown william.brown@suse.com wrote:
I'm sorry if what I said wasn't clear. You need to *send us* that entry from dse.ldif so that we can look at it, but when you send that to us you need to remove that line.
By removing this from dse.ldif you just broken your replication agreement, so you'll need to re-add the credentials.
To set the log level you need to use the dsconf command to change nsslapd-errorlog-level.
On 29 Nov 2021, at 12:18, Dhivagar A ssdhivagar@gmail.com wrote:
Hi,
I have removed the line "nsDS5ReplicaCredentials" from dse.ldif. After
restart the service.
Error log:
[29/Nov/2021:07:19:53.908626723 +051800] - INFO - main - 389-Directory/
1.3.10.2 B2021.287.1227 starting up
[29/Nov/2021:07:19:53.908781373 +051800] - INFO - main - Setting the
maximum file descriptor limit to: 16384
[29/Nov/2021:07:19:58.015480108 +051800] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
[29/Nov/2021:07:19:58.021871694 +051800] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
[29/Nov/2021:07:19:58.027991820 +051800] - NOTICE - ldbm_back_start -
found 3880196k physical memory
[29/Nov/2021:07:19:58.028167643 +051800] - NOTICE - ldbm_back_start -
found 3253888k available
[29/Nov/2021:07:19:58.028307714 +051800] - NOTICE - ldbm_back_start -
cache autosizing: db cache: 97004k
[29/Nov/2021:07:19:58.028455119 +051800] - NOTICE - ldbm_back_start -
cache autosizing: userRoot entry cache (2 total): 131072k
[29/Nov/2021:07:19:58.029137403 +051800] - NOTICE - ldbm_back_start -
cache autosizing: userRoot dn cache (2 total): 65536k
[29/Nov/2021:07:19:58.029553007 +051800] - NOTICE - ldbm_back_start -
cache autosizing: NetscapeRoot entry cache (2 total): 131072k
[29/Nov/2021:07:19:58.030246904 +051800] - NOTICE - ldbm_back_start -
cache autosizing: NetscapeRoot dn cache (2 total): 65536k
[29/Nov/2021:07:19:58.030633784 +051800] - NOTICE - ldbm_back_start -
total cache size: 482119597 B;
[29/Nov/2021:07:19:58.132875637 +051800] - ERR - NSMMReplicationPlugin -
agmt_is_valid - Replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" is malformed: a bind DN and password must be supplied for authentication method "SIMPLE"
[29/Nov/2021:07:19:58.133160791 +051800] - ERR - NSMMReplicationPlugin -
agmt_new_from_entry - Failed to parse agreement, skipping.
[29/Nov/2021:07:19:58.140532467 +051800] - INFO - slapd_daemon - slapd
started. Listening on All Interfaces port 389 for LDAP requests
[29/Nov/2021:07:19:58.140777653 +051800] - INFO - slapd_daemon -
Listening on All Interfaces port 636 for LDAPS requests
[29/Nov/2021:07:22:08.139657332 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:22:08.152614757 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:23:43.481717340 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:27:39.184573271 +051800] - WARN - NSMMReplicationPlugin
- agmtlist_modify_callback - Received a modification for unknown
replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
Access log:
[29/Nov/2021:07:27:58.246409555 +051800] conn=3 op=1621504 SRCH
base="cn=replication,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL
[29/Nov/2021:07:27:58.246495268 +051800] conn=3 op=1621504 RESULT err=0
tag=101 nentries=1 wtime=0.000058722 optime=0.000087634 etime=0.000144687
[29/Nov/2021:07:27:58.246745817 +051800] conn=3 op=1621505 SRCH
base="cn=mapping tree,cn=config" scope=2 filter="(|(objectClass=nsDS5ReplicationAgreement)(objectClass=LDAPReplica)(objectClass=nsDSWindowsReplicationAgreement))" attrs=ALL
[29/Nov/2021:07:27:58.246914678 +051800] conn=3 op=1621505 RESULT err=0
tag=101 nentries=1 wtime=0.000063352 optime=0.000170331 etime=0.000231855
[29/Nov/2021:07:27:58.247145331 +051800] conn=3 op=1621506 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
[29/Nov/2021:07:27:58.247227360 +051800] conn=3 op=1621506 RESULT err=0
tag=101 nentries=1 wtime=0.000051133 optime=0.000083721 etime=0.000133737
[29/Nov/2021:07:28:02.294754452 +051800] conn=3 op=1621507 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[29/Nov/2021:07:28:02.294925282 +051800] conn=3 op=1621507 RESULT err=0
tag=101 nentries=1 wtime=0.000079217 optime=0.000173837 etime=0.000251265
[29/Nov/2021:07:28:02.295800388 +051800] conn=3 op=1621508 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="description"
[29/Nov/2021:07:28:02.295898180 +051800] conn=3 op=1621508 RESULT err=0
tag=101 nentries=1 wtime=0.000807492 optime=0.000099189 etime=0.000905100
[29/Nov/2021:07:28:02.297138601 +051800] conn=3 op=1621509 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[29/Nov/2021:07:28:02.297229867 +051800] conn=3 op=1621509 RESULT err=0
tag=101 nentries=1 wtime=0.001202980 optime=0.000092490 etime=0.001293973
how to change the value 8192 of logs. _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
-- Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management SUSE Labs, Australia _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
You only needed to send that one entry from dse.ldif! You just sent us the whole dse.ldif with your nsslapd-rootpw hash, and your replication manager password.
You now need to assume these are all compromised, and you need to reset them all, on all your directory servers. I'm sorry to tell you this ....
You also still haven't sent the nsslapd-errorlog-level in the config. You seem to be really struggling here ...
On 29 Nov 2021, at 13:22, Dhivagar A ssdhivagar@gmail.com wrote:
Hi Team,
Thanks for the clarification.
I have removed the entry from the dse.ldif file and attached it to this email.
On Mon, Nov 29, 2021 at 8:10 AM William Brown william.brown@suse.com wrote: I'm sorry if what I said wasn't clear. You need to *send us* that entry from dse.ldif so that we can look at it, but when you send that to us you need to remove that line.
By removing this from dse.ldif you just broken your replication agreement, so you'll need to re-add the credentials.
To set the log level you need to use the dsconf command to change nsslapd-errorlog-level.
On 29 Nov 2021, at 12:18, Dhivagar A ssdhivagar@gmail.com wrote:
Hi,
I have removed the line "nsDS5ReplicaCredentials" from dse.ldif. After restart the service.
Error log:
[29/Nov/2021:07:19:53.908626723 +051800] - INFO - main - 389-Directory/1.3.10.2 B2021.287.1227 starting up [29/Nov/2021:07:19:53.908781373 +051800] - INFO - main - Setting the maximum file descriptor limit to: 16384 [29/Nov/2021:07:19:58.015480108 +051800] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [29/Nov/2021:07:19:58.021871694 +051800] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [29/Nov/2021:07:19:58.027991820 +051800] - NOTICE - ldbm_back_start - found 3880196k physical memory [29/Nov/2021:07:19:58.028167643 +051800] - NOTICE - ldbm_back_start - found 3253888k available [29/Nov/2021:07:19:58.028307714 +051800] - NOTICE - ldbm_back_start - cache autosizing: db cache: 97004k [29/Nov/2021:07:19:58.028455119 +051800] - NOTICE - ldbm_back_start - cache autosizing: userRoot entry cache (2 total): 131072k [29/Nov/2021:07:19:58.029137403 +051800] - NOTICE - ldbm_back_start - cache autosizing: userRoot dn cache (2 total): 65536k [29/Nov/2021:07:19:58.029553007 +051800] - NOTICE - ldbm_back_start - cache autosizing: NetscapeRoot entry cache (2 total): 131072k [29/Nov/2021:07:19:58.030246904 +051800] - NOTICE - ldbm_back_start - cache autosizing: NetscapeRoot dn cache (2 total): 65536k [29/Nov/2021:07:19:58.030633784 +051800] - NOTICE - ldbm_back_start - total cache size: 482119597 B; [29/Nov/2021:07:19:58.132875637 +051800] - ERR - NSMMReplicationPlugin - agmt_is_valid - Replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" is malformed: a bind DN and password must be supplied for authentication method "SIMPLE" [29/Nov/2021:07:19:58.133160791 +051800] - ERR - NSMMReplicationPlugin - agmt_new_from_entry - Failed to parse agreement, skipping. [29/Nov/2021:07:19:58.140532467 +051800] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests [29/Nov/2021:07:19:58.140777653 +051800] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests [29/Nov/2021:07:22:08.139657332 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" [29/Nov/2021:07:22:08.152614757 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" [29/Nov/2021:07:23:43.481717340 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" [29/Nov/2021:07:27:39.184573271 +051800] - WARN - NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
Access log:
[29/Nov/2021:07:27:58.246409555 +051800] conn=3 op=1621504 SRCH base="cn=replication,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL [29/Nov/2021:07:27:58.246495268 +051800] conn=3 op=1621504 RESULT err=0 tag=101 nentries=1 wtime=0.000058722 optime=0.000087634 etime=0.000144687 [29/Nov/2021:07:27:58.246745817 +051800] conn=3 op=1621505 SRCH base="cn=mapping tree,cn=config" scope=2 filter="(|(objectClass=nsDS5ReplicationAgreement)(objectClass=LDAPReplica)(objectClass=nsDSWindowsReplicationAgreement))" attrs=ALL [29/Nov/2021:07:27:58.246914678 +051800] conn=3 op=1621505 RESULT err=0 tag=101 nentries=1 wtime=0.000063352 optime=0.000170331 etime=0.000231855 [29/Nov/2021:07:27:58.247145331 +051800] conn=3 op=1621506 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh" [29/Nov/2021:07:27:58.247227360 +051800] conn=3 op=1621506 RESULT err=0 tag=101 nentries=1 wtime=0.000051133 optime=0.000083721 etime=0.000133737 [29/Nov/2021:07:28:02.294754452 +051800] conn=3 op=1621507 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL [29/Nov/2021:07:28:02.294925282 +051800] conn=3 op=1621507 RESULT err=0 tag=101 nentries=1 wtime=0.000079217 optime=0.000173837 etime=0.000251265 [29/Nov/2021:07:28:02.295800388 +051800] conn=3 op=1621508 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="description" [29/Nov/2021:07:28:02.295898180 +051800] conn=3 op=1621508 RESULT err=0 tag=101 nentries=1 wtime=0.000807492 optime=0.000099189 etime=0.000905100 [29/Nov/2021:07:28:02.297138601 +051800] conn=3 op=1621509 SRCH base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL [29/Nov/2021:07:28:02.297229867 +051800] conn=3 op=1621509 RESULT err=0 tag=101 nentries=1 wtime=0.001202980 optime=0.000092490 etime=0.001293973
how to change the value 8192 of logs. _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
-- Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management SUSE Labs, Australia _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure <dse.zip>_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
-- Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management SUSE Labs, Australia
Hi,
I have attached nsslapd-errorlog. Please check and let me know.
On Mon, Nov 29, 2021 at 9:06 AM William Brown william.brown@suse.com wrote:
You only needed to send that one entry from dse.ldif! You just sent us the whole dse.ldif with your nsslapd-rootpw hash, and your replication manager password.
You now need to assume these are all compromised, and you need to reset them all, on all your directory servers. I'm sorry to tell you this ....
You also still haven't sent the nsslapd-errorlog-level in the config. You seem to be really struggling here ...
On 29 Nov 2021, at 13:22, Dhivagar A ssdhivagar@gmail.com wrote:
Hi Team,
Thanks for the clarification.
I have removed the entry from the dse.ldif file and attached it to this
email.
On Mon, Nov 29, 2021 at 8:10 AM William Brown william.brown@suse.com
wrote:
I'm sorry if what I said wasn't clear. You need to *send us* that entry
from dse.ldif so that we can look at it, but when you send that to us you need to remove that line.
By removing this from dse.ldif you just broken your replication
agreement, so you'll need to re-add the credentials.
To set the log level you need to use the dsconf command to change
nsslapd-errorlog-level.
On 29 Nov 2021, at 12:18, Dhivagar A ssdhivagar@gmail.com wrote:
Hi,
I have removed the line "nsDS5ReplicaCredentials" from dse.ldif. After
restart the service.
Error log:
[29/Nov/2021:07:19:53.908626723 +051800] - INFO - main - 389-Directory/
1.3.10.2 B2021.287.1227 starting up
[29/Nov/2021:07:19:53.908781373 +051800] - INFO - main - Setting the
maximum file descriptor limit to: 16384
[29/Nov/2021:07:19:58.015480108 +051800] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
[29/Nov/2021:07:19:58.021871694 +051800] - INFO -
ldbm_instance_config_cachememsize_set - force a minimal value 512000
[29/Nov/2021:07:19:58.027991820 +051800] - NOTICE - ldbm_back_start -
found 3880196k physical memory
[29/Nov/2021:07:19:58.028167643 +051800] - NOTICE - ldbm_back_start -
found 3253888k available
[29/Nov/2021:07:19:58.028307714 +051800] - NOTICE - ldbm_back_start -
cache autosizing: db cache: 97004k
[29/Nov/2021:07:19:58.028455119 +051800] - NOTICE - ldbm_back_start -
cache autosizing: userRoot entry cache (2 total): 131072k
[29/Nov/2021:07:19:58.029137403 +051800] - NOTICE - ldbm_back_start -
cache autosizing: userRoot dn cache (2 total): 65536k
[29/Nov/2021:07:19:58.029553007 +051800] - NOTICE - ldbm_back_start -
cache autosizing: NetscapeRoot entry cache (2 total): 131072k
[29/Nov/2021:07:19:58.030246904 +051800] - NOTICE - ldbm_back_start -
cache autosizing: NetscapeRoot dn cache (2 total): 65536k
[29/Nov/2021:07:19:58.030633784 +051800] - NOTICE - ldbm_back_start -
total cache size: 482119597 B;
[29/Nov/2021:07:19:58.132875637 +051800] - ERR - NSMMReplicationPlugin
- agmt_is_valid - Replication agreement
"cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" is malformed: a bind DN and password must be supplied for authentication method "SIMPLE"
[29/Nov/2021:07:19:58.133160791 +051800] - ERR - NSMMReplicationPlugin
- agmt_new_from_entry - Failed to parse agreement, skipping.
[29/Nov/2021:07:19:58.140532467 +051800] - INFO - slapd_daemon - slapd
started. Listening on All Interfaces port 389 for LDAP requests
[29/Nov/2021:07:19:58.140777653 +051800] - INFO - slapd_daemon -
Listening on All Interfaces port 636 for LDAPS requests
[29/Nov/2021:07:22:08.139657332 +051800] - WARN -
NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:22:08.152614757 +051800] - WARN -
NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:23:43.481717340 +051800] - WARN -
NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
[29/Nov/2021:07:27:39.184573271 +051800] - WARN -
NSMMReplicationPlugin - agmtlist_modify_callback - Received a modification for unknown replication agreement "cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config"
Access log:
[29/Nov/2021:07:27:58.246409555 +051800] conn=3 op=1621504 SRCH
base="cn=replication,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL
[29/Nov/2021:07:27:58.246495268 +051800] conn=3 op=1621504 RESULT
err=0 tag=101 nentries=1 wtime=0.000058722 optime=0.000087634 etime=0.000144687
[29/Nov/2021:07:27:58.246745817 +051800] conn=3 op=1621505 SRCH
base="cn=mapping tree,cn=config" scope=2 filter="(|(objectClass=nsDS5ReplicationAgreement)(objectClass=LDAPReplica)(objectClass=nsDSWindowsReplicationAgreement))" attrs=ALL
[29/Nov/2021:07:27:58.246914678 +051800] conn=3 op=1621505 RESULT
err=0 tag=101 nentries=1 wtime=0.000063352 optime=0.000170331 etime=0.000231855
[29/Nov/2021:07:27:58.247145331 +051800] conn=3 op=1621506 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
[29/Nov/2021:07:27:58.247227360 +051800] conn=3 op=1621506 RESULT
err=0 tag=101 nentries=1 wtime=0.000051133 optime=0.000083721 etime=0.000133737
[29/Nov/2021:07:28:02.294754452 +051800] conn=3 op=1621507 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[29/Nov/2021:07:28:02.294925282 +051800] conn=3 op=1621507 RESULT
err=0 tag=101 nentries=1 wtime=0.000079217 optime=0.000173837 etime=0.000251265
[29/Nov/2021:07:28:02.295800388 +051800] conn=3 op=1621508 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="description"
[29/Nov/2021:07:28:02.295898180 +051800] conn=3 op=1621508 RESULT
err=0 tag=101 nentries=1 wtime=0.000807492 optime=0.000099189 etime=0.000905100
[29/Nov/2021:07:28:02.297138601 +051800] conn=3 op=1621509 SRCH
base="cn=winsync,cn=replica,cn=dc\3Dldapauth\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[29/Nov/2021:07:28:02.297229867 +051800] conn=3 op=1621509 RESULT
err=0 tag=101 nentries=1 wtime=0.001202980 optime=0.000092490 etime=0.001293973
how to change the value 8192 of logs. _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to
389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
-- Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management SUSE Labs, Australia _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
<dse.zip>_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
-- Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management SUSE Labs, Australia _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[29/Nov/2021:09:55:42.952792892 +051800] - DEBUG - NSMMReplicationPlugin - windows sync - windows_conn_get_search_result - Received entry from dirsync: CN=test 1,CN=Users,DC=adexample,DC=com [29/Nov/2021:09:55:42.953089957 +051800] - DEBUG - NSMMReplicationPlugin - windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Looking for local entry matching AD entry [CN=test 1,CN=Users,DC=adexample,DC=com] [29/Nov/2021:09:55:42.953252595 +051800] - DEBUG - NSMMReplicationPlugin - windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Looking for local entry by guid [bae6a306ab62554ba263f5c4ccdbdf8f] [29/Nov/2021:09:55:42.953467735 +051800] - DEBUG - NSMMReplicationPlugin - windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Problem looking for guid: -1 [29/Nov/2021:09:55:42.953629617 +051800] - DEBUG - NSMMReplicationPlugin - windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Looking for local entry by uid [test1] [29/Nov/2021:09:55:42.953823325 +051800] - DEBUG - NSMMReplicationPlugin - windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - problem looking for username: -1 [29/Nov/2021:09:55:42.954061023 +051800] - DEBUG - NSMMReplicationPlugin - windows sync - windows_process_dirsync_entry - agmt="cn=winsync" (172:389) - Not allowed to add entry CN=test 1,CN=Users,DC=adexample,DC=com.
We'll need to see the content of the entry from AD "CN=test 1,CN=Users,DC=adexample,DC=com"
On 29 Nov 2021, at 15:18, Dhivagar A ssdhivagar@gmail.com wrote:
-- Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management SUSE Labs, Australia
Hi,
I have attached the "CN=test 1,CN=Users,DC=adexample,DC=com" user information. Please check and update.
On Mon, Nov 29, 2021 at 10:59 AM William Brown william.brown@suse.com wrote:
[29/Nov/2021:09:55:42.952792892 +051800] - DEBUG - NSMMReplicationPlugin - windows sync - windows_conn_get_search_result - Received entry from dirsync: CN=test 1,CN=Users,DC=adexample,DC=com [29/Nov/2021:09:55:42.953089957 +051800] - DEBUG - NSMMReplicationPlugin - windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Looking for local entry matching AD entry [CN=test 1,CN=Users,DC=adexample,DC=com] [29/Nov/2021:09:55:42.953252595 +051800] - DEBUG - NSMMReplicationPlugin - windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Looking for local entry by guid [bae6a306ab62554ba263f5c4ccdbdf8f] [29/Nov/2021:09:55:42.953467735 +051800] - DEBUG - NSMMReplicationPlugin - windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Problem looking for guid: -1 [29/Nov/2021:09:55:42.953629617 +051800] - DEBUG - NSMMReplicationPlugin - windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - Looking for local entry by uid [test1] [29/Nov/2021:09:55:42.953823325 +051800] - DEBUG - NSMMReplicationPlugin - windows sync - map_entry_dn_inbound - agmt="cn=winsync" (172:389) - problem looking for username: -1 [29/Nov/2021:09:55:42.954061023 +051800] - DEBUG - NSMMReplicationPlugin - windows sync - windows_process_dirsync_entry - agmt="cn=winsync" (172:389)
- Not allowed to add entry CN=test 1,CN=Users,DC=adexample,DC=com.
We'll need to see the content of the entry from AD "CN=test 1,CN=Users,DC=adexample,DC=com"
On 29 Nov 2021, at 15:18, Dhivagar A ssdhivagar@gmail.com wrote:
-- Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management SUSE Labs, Australia _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
389-users@lists.fedoraproject.org