Hi,
There were a few known issues with 389-ds and sync_repl. I see your version of 389-ds is 1.4.3.16-8.module_el8.4.0 but 389-ds-base-1.4.3.23-2.module_el8.5.0+835+5d54734c.x86_64.rpm is already available, maybe worth trying the latest packages.

flo

On Thu, Jul 8, 2021 at 3:32 PM Kees Bakker <keesb@ghs.com> wrote:
I now have a debugger attached and I can print some values
in ldap_entry_reconstruct and mldap_entry_read.

Breakpoint 1 is at the if in
         result = mldap_entry_read(mldap, uuid, &node);
         if (result != ISC_R_SUCCESS) {

Breakpoint 2 is at
         return metadb_readnode_open(mldap->mdb, &mname, nodep);


It appears that I'm getting ISC_R_NOTFOUND (23)

Thread 8 "isc-worker0000" hit Breakpoint 2, mldap_entry_read
(mldap=mldap@entry=0x7f3299a27490,
     uuid=uuid@entry=0x7f32843cd520, nodep=nodep@entry=0x7f32843cd430)
at mldap.c:395
395        return metadb_readnode_open(mldap->mdb, &mname, nodep);
$8 = {magic = 1145983854, ndata = 0x7f32843cd2d0
"$6af6dc17-dfe5-11eb-8275-90e8ab7c8ee8\004uuid\004ldap",
   length = 48, labels = 4, attributes = 1, offsets = 0x0, buffer =
0x7f32843cd240, link = {
     prev = 0xffffffffffffffff, next = 0xffffffffffffffff}, list = {head
= 0x0, tail = 0x0}}

Thread 8 "isc-worker0000" hit Breakpoint 1, ldap_entry_reconstruct
(mctx=0x555f921047d0,
     mldap=0x7f3299a27490, uuid=uuid@entry=0x7f32843cd520,
entryp=entryp@entry=0x7f32843cd4a0)
     at ldap_entry.c:148
148        if (result != ISC_R_SUCCESS) {
$9 = {bv_len = 16,
   bv_val = 0x7f327d032199
"j\366\334\027\337\345\021\353\202u\220\350\253|\216", <incomplete
sequence \350>}
$10 = 23
$11 = (metadb_node_t *) 0x0

What can I do next?

On 01-07-2021 10:24, Kees Bakker via FreeIPA-users wrote:
> Hey,
>
> In two of my three masters I see these error messages.
>
> Jul 01 09:38:38 linge.ghs.nl named-pkcs11[6945]: bug in
> ldap_entry_reconstruct(): protocol violation: attempt to reconstruct
> non-existing entry
> Jul 01 09:38:38 linge.ghs.nl named-pkcs11[6945]: ldap_sync_search_entry
> failed: not found
>
> It also so happens that DNS is not updated on these two systems.
> We only use one master to update DNS, either via the web interface
> or via DHCP-update. These changes are correctly found in LDAP, on
> all three systems. However, the two other nameservers don't pick
> up the changes.
>
> There are no "syncrepl_update" messages in the log (after increasing
> trace level with rndc trace 10).
>
> To be honest, I don't know if the above errors are related to the missing
> updates. I'm grasping at straws here.
> Something is seriously wrong, but what? How can I debug this further?
>
> The two failing systems run CentOS 8 Stream. Some rpm info:
> 389-ds-base-1.4.3.16-8.module_el8.4.0+644+ed25d39e.x86_64
> ipa-server-4.9.2-3.module_el8.5.0+750+c59b186b.x86_64
> --
> Kees
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to
> freeipa-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure