Followup: I had added a ppolicy module to Master but not to Consumer. Thus the message about pwdChangeTime. Adding the module to consumer fixed replication.

-danny

On Fri, Jan 12, 2018 at 4:33 PM, Daniel Howard <dannyman@toldme.com> wrote:
Hello,


I noticed recently a symptom, whereby a new user exists only on the primary.

So, I started to debug:

Master: (ldap0)

0-16:23 djh@ldap0 ~$ ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=qxxxxxxxxd,dc=com contextCSN
dn: dc=qxxxxxxxxd,dc=com
contextCSN: 20180113002606.399160Z#000000#000#000000

Consumer: (ldap1)

0-16:23 djh@ldap1 ~$ ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=qxxxxxxxxd,dc=com contextCSN
dn: dc=qxxxxxxxxd,dc=com
contextCSN: 20171121212631.416502Z#000000#000#000000

Ooohhh, my!

I have a lot of messages like this on the consumer:

Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_message_to_entry: rid=317 DN: uid=djh,ou=People,dc=qxxxxxxxxd,dc=com, UUID: 29f7fc06-7c2a-1035-83e5-9d6082b37970
Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_entry: rid=317 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_entry: rid=317 inserted UUID 29f7fc06-7c2a-1035-83e5-9d6082b37970
Jan 12 16:28:55 ldap1 slapd[5383]: dn_callback : entries have identical CSN uid=djh,ou=People,dc=qxxxxxxxxd,dc=com 20180113002133.183992Z#000000#000#000000
Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_entry: rid=317 be_search (0)
Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_entry: rid=317 uid=djh,ou=People,dc=qxxxxxxxxd,dc=com
Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_entry: rid=317 entry unchanged, ignored (uid=djh,ou=People,dc=qxxxxxxxxd,dc=com)
Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_message_to_entry: rid=317 DN: uid=john,ou=People,dc=qxxxxxxxxd,dc=com, UUID: ddaae880-7c2f-1035-83ed-9d6082b37970
Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_message_to_entry: rid=317 mods check (pwdChangedTime: attribute type undefined)
Jan 12 16:28:55 ldap1 slapd[5383]: do_syncrepl: rid=317 rc 17 retrying

What is funny is I can, for example, change the loginshell on my account, and that replicates.

Is the latter message about pwdChangedTime a clue that maybe I had a schema change on Master that hasn't been applied to Consumer?

Please advise on where to look next? Thanks!

-danny

--



--
http://dannyman.toldme.com