On 11/06/2013 02:08 AM, Rich Megginson wrote: > On 11/05/2013 04:23 PM, Tamas Papp wrote: >> On 11/05/2013 09:25 PM, Rich Megginson wrote: >>> On 11/05/2013 01:03 PM, Tamas Papp wrote: >>>> On 11/05/2013 03:58 PM, Rich Megginson wrote: >>>>> On 11/05/2013 07:53 AM, Tamas Papp wrote: >>>>>> On 11/05/2013 03:17 PM, Rich Megginson wrote: >>>>>>> https://fedorahosted.org/389/ticket/47516 >>>>>>> >>>>>>> This has been fixed upstream and in some releases - to allow >>>>>>> replication to proceed despite excessive clock skew - what is your >>>>>>> 389-ds-base version and platform? >>>>>> What is the clock skewed? The date and time is the same on both >>>>>> machines. >>>>> VMs are notorious for having the clocks get out of sync - even >>>>> temporarily. >>>> What do you mean by this? >>>> I definitely see the same time on the machines. >>>> Also I can see in the log, that the replication is resumed. There >>>> is no >>>> messages about the broken replication after the resume message. >>>> >>>>>> freeipa-admintools-3.3.2-1.fc19.x86_64 >>>>>> freeipa-client-3.3.2-1.fc19.x86_64 >>>>>> freeipa-python-3.3.2-1.fc19.x86_64 >>>>>> freeipa-server-3.3.2-1.fc19.x86_64 >>>>>> libipa_hbac-1.11.1-4.fc19.x86_64 >>>>>> libipa_hbac-python-1.11.1-4.fc19.x86_64 >>>>>> sssd-ipa-1.11.1-4.fc19.x86_64 >>>>>> 389-ds-base-libs-1.3.1.12-1.fc19.x86_64 >>>>>> 389-ds-base-1.3.1.12-1.fc19.x86_64 >>>>>> >>>>>> Linux ipa31.bph.cxn 3.11.6-201.fc19.x86_64 #1 SMP Sat Nov 2 >>>>>> 14:09:09 UTC >>>>>> 2013 x86_64 x86_64 x86_64 GNU/Linux >>>>>> Fedora 19. >>>>>> >>>>>> >>>>>> How can I fix it? >>>>> ldapmodify -x -D "cn=directory manager" -W <<EOF >>>>> dn: cn=config >>>>> changetype: modify >>>>> replace: nsslapd-ignore-time-skew >>>>> nsslapd-ignore-time-skew: on >>>>> EOF >>>>> >>>>> Do this on all of your servers. >>>> I tried this, but no joy. Still not good:/ >>> Can you describe the exact steps you took, on all replicas? >> I created ldif files: >> >> # cat replication_ignore-time-skew.ldif >> dn: cn=config >> changetype: modify >> replace: nsslapd-ignore-time-skew >> nsslapd-ignore-time-skew: on >> >> Then: >> >> $ ldapmodify -x -D "cn=directory manager" -W -f >> replication_ignore-time-skew.ldif >> >> >> >> But I don't see the changes: >> >> # ldapsearch -x|grep -i ignore > ldapsearch -x -D "cn=directory manager" -W -s base -b cn=config > 'objectclass=*' nsslapd-ignore-time-skew
You're right, I tried it with wrong base dn. Thanks, tamas _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
