Hi there, I’ve installed ipa-server-3.0.0-42.el6.centos.x86_64 on CentOS 6.6 servers. Configured first as a master. Configured second as a replica. Everything went smooth, no errors. If I create a user on the master, it automatically shows up on the replica. BUT If I create a user on the replica, I cannot see on the master the created user. (or if i delete a user on replica which was created on master, it stays on the masters)
I’ve tried to force-sync the master without luck: [root@centosm ~]# ipa-replica-manage force-sync --from centosr.macp.sh ipa: INFO: Setting agreement cn=meTocentosm.macp.sh,cn=replica,cn=dc\=macp\,dc\=sh,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meTocentosm.macp.sh,cn=replica,cn=dc\=macp\,dc\=sh,cn=mapping tree,cn=config Example: [root@centosr ~]# ipa user-add First name: test Last name: test User login [ttest]: ------------------ Added user "ttest" ------------------ User login: ttest First name: test Last name: test Full name: test test Display name: test test Initials: tt Home directory: /home/ttest GECOS field: test test Login shell: /bin/sh Kerberos principal: [email protected] Email address: [email protected] UID: 1213900501 GID: 1213900501 Password: False Kerberos keys available: False [root@centosm ~]# ipa user-show ttest ipa: ERROR: ttest: user not found I’ve checked replication statuses: Master: [root@centosm ~]# ldapsearch -x -h centosm.macp.sh -D "cn=directory manager" -w xxxxxx1 -b cn=config '(objectclass=nsds5replicationagreement)' # extended LDIF # # LDAPv3 # base <cn=config> with scope subtree # filter: (objectclass=nsds5replicationagreement) # requesting: ALL # # meTocentosr.macp.sh, replica, dc\3Dmacp\2Cdc\3Dsh, mapping tree, config dn: cn=meTocentosr.macp.sh,cn=replica,cn=dc\3Dmacp\2Cdc\3Dsh,cn=mapping tree,c n=config cn: meTocentosr.macp.sh objectClass: nsds5replicationagreement objectClass: top nsDS5ReplicaTransportInfo: LDAP description: me to centosr.macp.sh nsDS5ReplicaRoot: dc=macp,dc=sh nsDS5ReplicaHost: centosr.macp.sh nsds5replicaTimeout: 120 nsDS5ReplicaPort: 389 nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20150127162748Z nsds5replicaLastUpdateEnd: 20150127162751Z nsds5replicaChangesSentSinceStartup:: NDoxMzkxLzMg nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 20150127145831Z nsds5replicaLastInitEnd: 20150127145834Z nsds5replicaLastInitStatus: 0 Total update succeeded # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 Slave: [root@centosr ~]# ldapsearch -x -h centosr.macp.sh -D "cn=directory manager" -w almafa12 -b cn=config '(objectclass=nsds5replicationagreement)' # extended LDIF # # LDAPv3 # base <cn=config> with scope subtree # filter: (objectclass=nsds5replicationagreement) # requesting: ALL # # meTocentosm.macp.sh, replica, dc\3Dmacp\2Cdc\3Dsh, mapping tree, config dn: cn=meTocentosm.macp.sh,cn=replica,cn=dc\3Dmacp\2Cdc\3Dsh,cn=mapping tree,c n=config cn: meTocentosm.macp.sh objectClass: nsds5replicationagreement objectClass: top nsDS5ReplicaTransportInfo: LDAP description: me to centosm.macp.sh nsDS5ReplicaRoot: dc=macp,dc=sh nsDS5ReplicaHost: centosm.macp.sh nsds5replicaTimeout: 120 nsDS5ReplicaPort: 389 nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 54c7a797000000040000 nsds50ruv: {replica 4 ldap://centosm.macp.sh:389} nsds50ruv: {replica 3 ldap://centosr.macp.sh:389} 54c7a79b000000030000 54c7a7a 1000400030000 nsruvReplicaLastModified: {replica 4 ldap://centosm.macp.sh:389} 00000000 nsruvReplicaLastModified: {replica 3 ldap://centosr.macp.sh:389} 00000000 nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20150127162747Z nsds5replicaLastUpdateEnd: 20150127162747Z nsds5replicaChangesSentSinceStartup: nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate started nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 0 nsds5replicaLastInitEnd: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root@centosm ~]# ipa-replica-manage list centosm.macp.sh: master centosr.macp.sh: master [root@centosm ~]# ipa-replica-manage -v list centosr.macp.sh centosm.macp.sh: replica last init status: None last init ended: None last update status: 0 Replica acquired successfully: Incremental update started last update ended: 2015-01-27 16:29:00+00:00 [root@centosm ~]# [root@centosr ~]# ipa-replica-manage list centosm.macp.sh: master centosr.macp.sh: master [root@centosr ~]# ipa-replica-manage list -v centosm.macp.sh centosr.macp.sh: replica last init status: 0 Total update succeeded last init ended: 2015-01-27 14:58:34+00:00 last update status: 0 Replica acquired successfully: Incremental update started last update ended: None [root@centosr ~]# Probably I’m missing something really obvious, so if anyone can tell me what, I would be really grateful :). Kind regards, Csaba Kollar -- ***** Email confidentiality notice ***** Xanadu Consultancy Limited is a limited company registered in Ireland with registered number 500416 and VAT registered number IE 9793319P. Our registered office is at Floor 2, River House, Blackpool Retail & Business Park, Cork, Ireland. We have a branch office registered in England and Wales with company number FC030315, whose address is at Unit 710 Highgate Studios, 53-79 Highgate Road, London, NW5 1TL. This message is intended solely for the addressee and may contain confidential information. If you have received this message in error, please send it back to us, and immediately and permanently delete it. Do not use, copy or disclose the information contained in this message or in any attachment. Xanadu Consultancy Limited cannot accept liability for any statements made which are clearly the sender’s own and not expressly made on behalf of Xanadu Consultancy Limited.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
