FreeIPA problem: LDAP replication failure
- Log errors: /var/log/dirsrv/slapd-WORMPEX-COM
[02/Aug/2019:15:47:36.492149800 +0800] - ERR - agmt="cn=dns2.sys.ops.bj1.wormpex.com-to-dns1.sys.ops.bj1.wormpex.com" (dns1:389) - clcache_load_buffer - Can't locate CSN 5d3d84f40002002f0000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.
[02/Aug/2019:15:47:36.492569481 +0800] - ERR - NSMMReplicationPlugin - changelog program - repl_plugin_name_cl - agmt="cn=dns2.sys.ops.bj1.wormpex.com-to-dns1.sys.ops.bj1.wormpex.com" (dns1:389): CSN 5d3d84f40002002f0000 not found, we aren't as up to date, or we purged
[02/Aug/2019:15:47:36.492911718 +0800] - ERR - NSMMReplicationPlugin - send_updates - agmt="cn=dns2.sys.ops.bj1.wormpex.com-to-dns1.sys.ops.bj1.wormpex.com" (dns1:389): Data required to update replica has been purged from the changelog. If the error persists the replica must be reinitialized.
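- Symptom
Users created on dns2 (an IPA replica server) are not synchronized to dns1 (the IPA master server).
- Cause
The configuration file /etc/dirsrv/slapd-WORMPEX-COM/dse.ldif had been modified earlier while fixing another problem.
- Solution
As the log says, the data has to be synchronized from the master again: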
ipa-replica-manage re-initialize --from=dns1.sys.ops.bj1.wormpex.com
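This requires entering the LDAP rootpw.
If you have forgotten the LDAP rootpw, reset it as follows.
Install this package because the slappasswd command is needed: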
yum install openldap-servers -y
slappasswd -s xxxxxxxx
{SSHA}Q/zi+WcS2rj12BzB97bQjTXZIbZ/OkG3
Stop the service
systemctl -a | grep dir
systemctl stop dirsrv@WORMPEX-COM.service
Change the password
vim /etc/dirsrv/slapd-WORMPEX-COM/dse.ldif
nsslapd-rootpw: {SSHA}Q/zi+WcS2rj12BzB97bQjTXZIbZ/OkG3
Start the service
systemctl start dirsrv@WORMPEX-COM.service