So, I have 1.4.3.23. A change was made in 1.4.3.26 (commit f370a281b8, Issue 4872).
The latest in Centos 8 Stream is 1.4.3.23-10
That leaves me with the following questions.
1. What do I need to do to disable the entryUUID plugin?
2. What do I need to do to fix the current LDAP conflict?
3. Do I really need 389-ds-base 1.4.3.26 or later (if I manage to disable the entryUUID
plugin)?
-- Kees
On 22-11-2021 20:04, Kees Bakker via FreeIPA-users wrote:
On Centos 7
389-ds-base-snmp-1.3.9.1-13.el7_7.x86_64
389-ds-base-libs-1.3.9.1-13.el7_7.x86_64
389-ds-base-1.3.9.1-13.el7_7.x86_64
389-ds-base-debuginfo-1.3.9.1-13.el7_7.x86_64
On Centos 8 Stream
389-ds-base-1.4.3.23-7.module_el8.5.0+889+90e0384f.x86_64
python3-lib389-1.4.3.23-7.module_el8.5.0+889+90e0384f.noarch
389-ds-base-libs-1.4.3.23-7.module_el8.5.0+889+90e0384f.x86_64
-- Kees
On 22-11-2021 18:39, Florence Blanc-Renaud wrote:
> Hi,
>
> the error looks similar to
https://github.com/389ds/389-ds-base/issues/4872
<
https://github.com/389ds/389-ds-base/issues/4872>.
> The CentOS 8 Streams master probably has a version of 389ds that doesn't contain
the fix, and has entryuuid plugin enabled (that generates an entryuuid attribute). The
schema failed to be replicated to the CentOS 7 server, and the entryuuid attribute present
in the entry causes replication issues.
>
> Which versions are installed on the other replicas? You may have to disable the
entryuuid plugin or update 389ds.
> flo
>
>
> On Mon, Nov 22, 2021 at 3:30 PM Kees Bakker via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>> wrote:
>
> Hi,
>
> On my Centos 7 master there was this error message
>
> [19/Nov/2021:11:16:11.863597190 +0100] - ERR - oc_check_allowed_sv - Entry
"ipaUniqueID=b2211c08-4921-11ec-974b-509a4c9d3b10,cn=sudorules,cn=sudo,dc=example,dc=com"
-- attribute "entryuuid" not allowed
> [19/Nov/2021:11:16:26.331298112 +0100] - ERR - oc_check_allowed_sv - Entry
"ipaUniqueID=b2211c08-4921-11ec-974b-509a4c9d3b10,cn=sudorules,cn=sudo,dc=example,dc=com"
-- attribute "entryuuid" not allowed
> [19/Nov/2021:11:16:45.264647201 +0100] - ERR - oc_check_allowed_sv - Entry
"ipaUniqueID=b2211c08-4921-11ec-974b-509a4c9d3b10,cn=sudorules,cn=sudo,dc=example,dc=com"
-- attribute "entryuuid" not allowed
>
> The sudorule was add via the web-GUI on a Centos 8stream master.
>
> The replication more or less succeeded, besides this error message. However,
> * checkipaconsistency reports "LDAP Conflicts" (the Centos 7 master has
count 1, the other masters have count 0)
> * ipa-healthcheck reports an error too
>
> [
> {
> "source": "ipahealthcheck.ds.replication",
> "kw": {
> "msg": "Replication conflict",
> "glue": false,
> "conflict": "Schema violation",
> "key":
"ipaUniqueID=b2211c08-4921-11ec-974b-509a4c9d3b10,cn=sudorules,cn=sudo,dc=ghs,dc=nl"
> },
> "uuid": "01d364fc-e48e-44bd-9ea8-63db1e800788",
> "duration": "0.001689",
> "when": "20211122070012Z",
> "check": "ReplicationConflictCheck",
> "result": "ERROR"
> }
> ]
>
> Any advise how to get rid of the error messages would be greatly appreciated.
> --
> Kees
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
<
https://docs.fedoraproject.org/en-US/project/code-of-conduct/>
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
<
https://fedoraproject.org/wiki/Mailing_list_guidelines>
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
<
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure <
https://pagure.io/fedora-infrastructure>
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure