FreeIPA problem: LDAP replication failure

  • Errors in the log: /var/log/dirsrv/slapd-WORMPEX-COM
[02/Aug/2019:15:47:36.492149800 +0800] - ERR - agmt="cn=dns2.sys.ops.bj1.wormpex.com-to-dns1.sys.ops.bj1.wormpex.com" (dns1:389) - clcache_load_buffer - Can't locate CSN 5d3d84f40002002f0000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.
[02/Aug/2019:15:47:36.492569481 +0800] - ERR - NSMMReplicationPlugin - changelog program - repl_plugin_name_cl - agmt="cn=dns2.sys.ops.bj1.wormpex.com-to-dns1.sys.ops.bj1.wormpex.com" (dns1:389): CSN 5d3d84f40002002f0000 not found, we aren't as up to date, or we purged
[02/Aug/2019:15:47:36.492911718 +0800] - ERR - NSMMReplicationPlugin - send_updates - agmt="cn=dns2.sys.ops.bj1.wormpex.com-to-dns1.sys.ops.bj1.wormpex.com" (dns1:389): Data required to update replica has been purged from the changelog. If the error persists the replica must be reinitialized.
  • Observed symptom
    A user created on dns2 (an IPA replica server) is not synchronized to dns1 (the IPA master server).

  • Cause
    The configuration file /etc/dirsrv/slapd-WORMPEX-COM/dse.ldif had been modified earlier while fixing another problem.

  • Solution
    As the log says, the data has to be synchronized from the master again.

ipa-replica-manage re-initialize --from=dns1.sys.ops.bj1.wormpex.com
This requires entering the LDAP rootpw (the Directory Manager password).

What to do if you have forgotten the LDAP rootpw

Install this package, because the slappasswd command is needed:
yum install openldap-servers -y
slappasswd -s xxxxxxxx
{SSHA}Q/zi+WcS2rj12BzB97bQjTXZIbZ/OkG3
Stop the service
systemctl -a | grep dir
systemctl stop dirsrv@WORMPEX-COM.service

Change the password
vim /etc/dirsrv/slapd-WORMPEX-COM/dse.ldif
nsslapd-rootpw: {SSHA}Q/zi+WcS2rj12BzB97bQjTXZIbZ/OkG3

Start the service
systemctl start dirsrv@WORMPEX-COM.service
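
Since a hand edit of dse.ldif is what broke replication in the first place, the password change above can be scripted so that it keeps a backup and refuses to write unless it finds exactly one nsslapd-rootpw attribute. This is an added example, not part of the original post: the function names set_rootpw and make_sample_dse are hypothetical and the sample file is constructed. On the server it would be pointed at /etc/dirsrv/slapd-WORMPEX-COM/dse.ldif while dirsrv is stopped.

```shell
#!/bin/sh
# Added example: replace nsslapd-rootpw in a dse.ldif, keeping a backup.
# Use only while dirsrv is stopped; the server rewrites dse.ldif on shutdown.

# set_rootpw FILE HASH -> 0 on success, 1 if the attribute is not present exactly once
set_rootpw() {
    file=$1
    hash=$2
    [ -f "$file" ] || return 1
    tmp=$(mktemp) || return 1
    cp -p "$file" "$file.bak" || return 1        # keep the previous config
    # Replace the attribute line and drop its LDIF continuation lines
    # (lines starting with one space), which long hashes are folded into.
    awk -v h="$hash" '
        /^nsslapd-rootpw:/ { print "nsslapd-rootpw: " h; skip = 1; n++; next }
        skip && /^ /       { next }
                           { skip = 0; print }
        END                { exit (n == 1 ? 0 : 1) }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file" && rm -f "$tmp"          # cat keeps owner and mode
}

# Constructed sample of a cn=config entry (not a real server's file),
# with a folded password value to exercise the continuation-line case.
make_sample_dse() {
    cat > "$1" <<'EOF'
dn: cn=config
cn: config
nsslapd-rootdn: cn=Directory Manager
nsslapd-rootpw: {PBKDF2_SHA256}AAAAconstructedconstructedconstructedconstruc
 tedconstructedconstructed
nsslapd-port: 389
EOF
}

# Demo on a temporary copy; the hash here is a constructed placeholder,
# on a real server it is the slappasswd output.
demo=$(mktemp) && make_sample_dse "$demo"
set_rootpw "$demo" '{SSHA}constructed-placeholder' && grep '^nsslapd-rootpw:' "$demo"
rm -f "$demo" "$demo.bak"
```

If set_rootpw returns non-zero, the file is left untouched and the copy in dse.ldif.bak is still available for comparison.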
posted @ 2020-02-11 11:01  I'm杨呵呵