Kees Bakker via FreeIPA-users wrote:
Hey,
In two of my three masters I see these error messages.
Jul 01 09:38:38 linge.ghs.nl named-pkcs11[6945]: bug in ldap_entry_reconstruct(): protocol violation: attempt to reconstruct non-existing entry
Jul 01 09:38:38 linge.ghs.nl named-pkcs11[6945]: ldap_sync_search_entry failed: not found
It also so happens that DNS is not updated on these two systems.
We only use one master to update DNS, either via the web interface
or via DHCP-update. These changes are correctly found in LDAP, on
all three systems. However, the two other nameservers don't pick
up the changes.
There are no "syncrepl_update" messages in the log (after increasing
trace level with rndc trace 10).
To be honest, I don't know if the above errors are related to the missing
updates. I'm grasping at straws here.
Something is seriously wrong, but what? How can I debug this further?
The two failing systems run CentOS 8 Stream. Some rpm info:
389-ds-base-1.4.3.16-8.module_el8.4.0+644+ed25d39e.x86_64
ipa-server-4.9.2-3.module_el8.5.0+750+c59b186b.x86_64

I don't really do DNS but both of these messages come from
bind-dyndb-ldap, the LDAP backend for bind.
There is slightly more syncrepl logging at level 20, but only slightly more.
rob