On 02/13/2014 02:05 AM, Jan Kowalsky wrote:
On 2014-02-12 23:25, Rich Megginson wrote:
On 02/12/2014 02:34 PM, Jan Kowalsky wrote:
Hi Rich,

thank you for answering,

Since this is my first experience with replication I don't know if I do something completely wrong or it's a but. I folled the documentation on https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Configuring-Replication-cmd.html

I've added some more information and logs below.

On 2014-02-12 18:04, Rich Megginson wrote:
On 02/12/2014 06:29 AM, Jan Kowalsky wrote:

Version and platform please - rpm -q 389-ds-base

yes, sorry, I forgot. I'm running on debian wheezy with the packages supplied by http://obs.kolabsys.com:82/Kolab:/3.1/Debian_7.0/:

389-ds-base amd64 389 Directory Server suite - server

I've got a single-master replication with one supplier (ldapmaster1) and one consumer (ldapmaster2)

After server restart replication isn't working anymore. The error-log:

[12/Feb/2014:12:04:51 +0100] NSMMReplicationPlugin - Found replication agreement named "cn=test replica,cn=replica,cn=dc\3Ddatenkollektiv\2Cdc\3Dnet,cn=mapping tree,cn=config". [12/Feb/2014:12:04:51 +0100] NSMMReplicationPlugin - The replication agreement named "cn=test replica,cn=replica,cn=dc\3Ddatenkollektiv\2Cdc\3Dnet,cn=mapping tree,cn=config" could not be correctly parsed. No replication will occur with this replica.

Looks like there is a problem with your replication agreement.

Yes, from the error it looks like. But the agreement was ok at least at the time of initializing replication and worked fine until restart.

This is how I added replication agreement:

# Adding Replication Agreement on ldmaster0
/usr/lib/mozldap/ldapmodify -h ldmaster0 -p 389 -D "cn=directory manager" -w SECRETBINDPW << EOF dn: cn=testreplica,cn=replica,cn=dc\=datenkollektiv\,dc\=net,cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5ReplicationAgreement
cn: testreplica
nsds5replicahost: ldslave0
nsds5replicaport: 389
nsds5ReplicaBindDN: cn=replication manager,cn=config
nsds5replicabindmethod: SIMPLE
nsds5replicaroot: dc=test,dc=net
description: agreement between ldmaster0 and ldslave0 for dc=test,dc=net
nsds5replicaupdateschedule: 0001-2359 0123456
nsds5replicatedattributelist: (objectclass=*) $ EXCLUDE authorityRevocationList accountUnlockTime memberof nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE accountUnlockTime
nsds5replicacredentials: SECRET

And it looks like this before restarting server:

/usr/lib/mozldap/ldapsearch -x -h ldmaster0 -p 389 -D "cn=directory manager" -w SECRET -s sub -b cn=config "(objectclass=nsds5ReplicationAgreement)"
version: 1
dn: cn=testreplica,cn=replica,cn=dc\3Ddatenkollektiv\2Cdc\3Dnet,cn=mapping tre
objectClass: top
objectClass: nsds5ReplicationAgreement
cn: testreplica
nsDS5ReplicaHost: ldslave0
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaRoot: dc=test,dc=net
description: agreement between ldmaster0 and ldslave0 for dc=test,dc=net
nsDS5ReplicaUpdateSchedule: 0001-2359 0123456
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE authorityRevocationLis
t accountUnlockTime memberof
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE accountUnlockTime
nsDS5ReplicaCredentials: {DES}vxy6ibkSEXE+4XrDjA7d5A==
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20140212210355Z
nsds5replicaLastUpdateEnd: 20140212210359Z
nsds5replicaChangesSentSinceStartup:: NzozLzAg
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
ate succeeded
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 20140212205308Z
nsds5replicaLastInitEnd: 20140212205311Z
nsds5replicaLastInitStatus: 0 Total update succeeded

After restart:

dn: cn=testreplica,cn=replica,cn=dc\3Ddatenkollektiv\2Cdc\3Dnet,cn=mapping tre
objectClass: top
objectClass: nsds5ReplicationAgreement
cn: testreplica
nsDS5ReplicaHost: ldslave0
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaRoot: dc=test,dc=net
description: agreement between ldmaster0 and ldslave0 for dc=test,dc=net
nsDS5ReplicaUpdateSchedule: 0001-2359 0123456
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE authorityRevocationLis
 t accountUnlockTime memberof
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE accountUnlockTime
nsDS5ReplicaCredentials: {DES}vxy6ibkSEXE+4XrDjA7d5A==
nsds50ruv: {replicageneration} 52fbded7000000070000
nsds50ruv: {replica 7 ldap://ldmaster0.datenkollektiv.net:389} 52fbdf290000000
 70000 52fbe1ba000000070000
nsruvReplicaLastModified: {replica 7 ldap://ldmaster0.datenkollektiv.net:389}
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 0
nsds5replicaLastUpdateEnd: 0
nsds5replicaLastUpdateStatus: 0 No replication sessions started since server s
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 0
nsds5replicaLastInitEnd: 0

I putted the logs in some gists:

Master log after server restart (replication isn't working anymore)

Master log before server restart (with working replication)

Slave log before server restart

All Definitions for replication provided during setup:

I tried again to reproduce in a fresh environment: still the same error, completely reproducable. Same happend in tests with multimaster with two masters.

Any idea appreciated.

The agreements look ok.  Please file a ticket.  Unless someone else

I'll do.

can spot the problem, the only way we are going to get to the bottom
of this is to add some extra debugging to the code (although there is
a lot of debugging there already for the repl log level - must be
something really strange that it doesn't print a message telling us
what went wrong).

How to get some more debugging? I turned log level to replication.

You can't get more debugging, that's the problem. We would need to change the code to add more.

The alternative is to run the server in the debugger (gdb) and step through the code to find out where the problem is.

Is there someone running Debian who can debug this?

Not sure what version is on Debian.  If it is the same as
the upstream, that's very old.  Should see if you can get
them to provide or later.

I tried it again with the newest version in debian unstable:
But the same result:

Not exactly the same result, unless there is an error message about "cannot parse the agreement entry" that you have elided.

[13/Feb/2014:09:57:49 +0100] NSMMReplicationPlugin - _replica_update_state: failed to update state of csn generator for replica dc=test,dc=net: LDAP error - 32 [13/Feb/2014:09:57:55 +0100] NSMMReplicationPlugin - Total update aborted: Replication agreement for "agmt="cn=testreplica" (ldslave1:389)" can not be updated while the replica is disabled [13/Feb/2014:09:57:55 +0100] NSMMReplicationPlugin - (If the suffix is disabled you must enable it then restart the server for replication to take place).

389 users mailing list

389 users mailing list

Reply via email to