...
- Получить (обновить) билет Kerberos администратора домена (по умолчанию имя администратора домена — admin, для получения билета потребуется ввести пароль администратора домена):
Command kinit admin Предупреждение Билет Kerberos администратора домена нужен не для всех команд, приведенных далее в примерах, но везде предполагается, что билет Kerberos администратора домена получен и необходимость получения билета специально не указывается. Если команда, требующая наличия билета Kerberos администратора домена выполняется с использованием sudo, то и билет для нее должен быть получен с использованием sudo. - Выполнить команды:
Command ldapsearch -Q -LLL -s base | awk '/^dn:/{print $2}'
...
Для проверки наличия конфликтов выполнить на контроллере домена команду:
| Command |
|---|
| /usr/sbin/sudo dsconf ldap://`hostname` -D "cn=Directory Manager" repl-conflict list <доменный_суффикс> |
...
Для конфликтов добавления рекомендуется сохранять валидные записи и удалять конфликтующие:
| Command |
|---|
| /usr/sbin/sudo dsconf ldap://<имя_КД> -D "cn=Directory Manager" repl-conflict delete <dn конфликтующей записи> |
...
- Сравнить конфликтующие записи:
Command /usr/sbin/sudo dsconf ldap://<имя_КД> -D "cn=Directory Manager" repl-conflict compare <dn конфликтующей записи> Проверить временные метки (атрибут
modifyTimestamp).Учесть бизнес-логику (учесть, какая запись реально используется) (учет бизнес-логики выходит за рамки настоящей статьи).
...
- Сравнить конфликтующие записи:
Command /usr/sbin/sudo dsconf ldap://<имя_КД> -D "cn=Directory Manager" repl-conflict compare <dn конфликтующей записи> - Принять решение и выполнить одно из следующих действий:
- удалить конфликтующую запись (пример для удаления конфликтующей записи приведен ранее);
- сделать конфликтующую запись действующей:
Command /usr/sbin/sudo dsconf ldap://<имя_КД> -D "cn=Directory Manager" repl-conflict swap <dn конфликтующей записи>
...
При обнаружении проблем репликации рекомендуется:
- включить расширенное Включить расширенное журналирование:
Command sudo dsconf -D "cn=Directory Manager" ldap://<имя_КД> config replace nsslapd-errorlog-level=24576 - Анализировать Проанализировать журнал в в /var/log/dirsrv/<имя_инстанса>/errors, например например /var/log/dirsrv/slapd-EXAMPLE-COM/errors.
Моделирование ошибок
...
Результат моделирования и выполнения команды ds-replcheck после моделирования ошибок:
| Блок кода | ||
|---|---|---|
| ||
================================================================================
Replication Synchronization Report (Wed Aug 6 15:50:57 2025)
================================================================================
Database RUV's
=====================================================
Supplier RUV:
{replica 3 ldap://dc02.ald250.pro:389} 687a55d0000100030000 68934868000000030000
{replica 4 ldap://dc01.ald250.pro:389} 687a55c1000100040000 68934c91000000040000
{replicageneration} 687a55c1000000040000
Replica RUV:
{replica 3 ldap://dc02.ald250.pro:389} 687a55d0000100030000 68934868000000030000
{replica 4 ldap://dc01.ald250.pro:389} 687a55c1000100040000 6891d7b1000000040000
{replicageneration} 687a55c1000000040000
Replication State: Replica is behind Supplier by: 95456 seconds
Entry Counts
=====================================================
Supplier: 3703
Replica: 3813
Tombstones
=====================================================
Supplier: 17
Replica: 10
Conflict Entries
=====================================================
Supplier Conflict Entries: 2
Missing Entries
=====================================================
Entries missing on Replica:
- cn=a1_9tplmxnqe0duwgnf5rk7dku1hhc6,cn=users_history,cn=accounts,dc=ald250,dc=pro (Created on Supplier at: Tue Aug 5 10:51:28 2025)
- cn=a2_dyj6exrhicuii991av19kqyoipsv,cn=users_history,cn=accounts,dc=ald250,dc=pro (Created on Supplier at: Tue Aug 5 10:52:16 2025)
- cn=conflict_user_3m98nnfmo7u7d2rsx,cn=users_history,cn=accounts,dc=ald250,dc=pro (Created on Supplier at: Tue Aug 5 10:55:18 2025)
- uid=a1,cn=deleted users,cn=accounts,cn=provisioning,dc=ald250,dc=pro (Created on Supplier at: Tue Aug 5 12:44:10 2025)
- uid=a2,cn=deleted users,cn=accounts,cn=provisioning,dc=ald250,dc=pro (Created on Supplier at: Tue Aug 5 12:44:11 2025)
- cn=test_role,cn=roles,cn=accounts,dc=ald250,dc=pro (Created on Supplier at: Wed Aug 6 08:36:15 2025)
- cn=journal.ald250.pro,cn=log,cn=services,cn=aldpro,cn=etc,dc=ald250,dc=pro (Created on Supplier at: Wed Aug 6 09:58:46 2025)
- cn=ansible,cn=users_history,cn=accounts,dc=ald250,dc=pro (Created on Supplier at: Wed Aug 6 09:59:51 2025)
- cn=login,cn=audit,dc=ald250,dc=pro (Created on Supplier at: Wed Aug 6 09:59:52 2025)
Entries missing on Supplier:
- cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:57 2025)
- cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:57 2025)
- uid=conflict_user,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- uid=testuser,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- uid=admin,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ng,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:57 2025)
- cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:57 2025)
- cn=conflict_user,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- cn=testuser,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- cn=print_admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=Default\20SMB\20Group,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ald\20trust\20admin,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=editors,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=computers,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:57 2025)
- ou=sudoers,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:57 2025)
- cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:56 2025)
- cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:56 2025)
- uid=conflict_user,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- uid=testuser,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- uid=admin,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ng,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:56 2025)
- cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:56 2025)
- cn=conflict_user,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- cn=testuser,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- cn=print_admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=Default\20SMB\20Group,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ald\20trust\20admin,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=editors,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=computers,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:56 2025)
- ou=sudoers,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:56 2025)
- cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:56 2025)
- cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:56 2025)
- uid=conflict_user,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- uid=testuser,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- uid=admin,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ng,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:56 2025)
- cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:56 2025)
- cn=conflict_user,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- cn=testuser,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- cn=print_admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=Default\20SMB\20Group,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ald\20trust\20admin,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=editors,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=computers,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:56 2025)
- ou=sudoers,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:56 2025)
- cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:55 2025)
- cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:55 2025)
- uid=conflict_user,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- uid=testuser,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- uid=admin,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ng,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:55 2025)
- cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:55 2025)
- cn=conflict_user,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- cn=testuser,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- cn=print_admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=Default\20SMB\20Group,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ald\20trust\20admin,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=editors,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=computers,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:55 2025)
- ou=sudoers,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:55 2025)
- cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:55 2025)
- cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:55 2025)
- uid=conflict_user,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- uid=testuser,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- uid=admin,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ng,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:55 2025)
- cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:55 2025)
- cn=conflict_user,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- cn=testuser,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- cn=print_admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=Default\20SMB\20Group,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ald\20trust\20admin,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=editors,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=computers,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:55 2025)
- ou=sudoers,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:55 2025)
- cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:54 2025)
- cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:54 2025)
- uid=conflict_user,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- uid=testuser,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- uid=admin,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ng,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:54 2025)
- cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:54 2025)
- cn=conflict_user,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- cn=testuser,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- cn=print_admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=Default\20SMB\20Group,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ald\20trust\20admin,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=editors,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=computers,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:54 2025)
- ou=sudoers,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:54 2025)
- cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:54 2025)
- cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:54 2025)
- uid=conflict_user,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- uid=testuser,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- uid=admin,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ng,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:54 2025)
- cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:54 2025)
- cn=conflict_user,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- cn=testuser,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- cn=print_admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=Default\20SMB\20Group,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ald\20trust\20admin,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=editors,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=computers,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:54 2025)
- ou=sudoers,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:54 2025)
- cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:53 2025)
- cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:53 2025)
- uid=conflict_user,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- uid=testuser,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- uid=admin,cn=users,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ng,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:53 2025)
- cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:53 2025)
- cn=conflict_user,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:55:53 2025)
- cn=testuser,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Tue Aug 5 10:06:38 2025)
- cn=print_admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=Default\20SMB\20Group,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=ald\20trust\20admin,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=editors,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=admins,cn=groups,cn=compat,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
- cn=computers,cn=compat,dc=ald250,dc=pro (Created on Replica at: Wed Aug 6 12:50:53 2025)
- ou=sudoers,dc=ald250,dc=pro (Created on Replica at: Fri Jul 18 14:19:28 2025)
Entry Inconsistencies
=====================================================
cn=log,cn=services,cn=aldpro,cn=etc,dc=ald250,dc=pro
----------------------------------------------------
- Attribute 'aci' is different:
Supplier:
- Value: (targetattr = "*")(target = "ldap
- State Info: aci;vucsn-68932756000400040000: (targetattr = "*")(target = "ldap:///cn=log,cn=services,cn=aldpro,cn=etc,dc=ald250,dc=pro")(version 3.0;acl "Read service log container by host journal.ald250.pro";allow (compare,read,search) userdn = "ldap:///fqdn=journal.ald250.pro,cn=computers,cn=accounts,dc=ald250,dc=pro";)
- Date: Wed Aug 6 12:58:46 2025
- Value: (targetattr = "cn || envvar")(target = "ldap
- State Info: aci;vucsn-68932757000000040000: (targetattr = "cn || envvar")(target = "ldap:///cn=journal.ald250.pro,cn=log,cn=services,cn=aldpro,cn=etc,dc=ald250,dc=pro")(version 3.0;acl "Read service log envvar by host journal.ald250.pro";allow (compare,read,search) userdn = "ldap:///fqdn=journal.ald250.pro,cn=computers,cn=accounts,dc=ald250,dc=pro";)
- Date: Wed Aug 6 12:58:47 2025
Replica:
- Origin value: b'(targetattr = "*")(targetfilter = "(objectClass=*)")(version 3.0;acl "permission:ALDPRO - Add Event Log Servers";allow (add) groupdn = "ldap:///cn=ALDPRO - Add Event Log Servers,cn=permissions,cn=pbac,dc=ald250,dc=pro";)'
- Origin value: b'(targetattr = "*")(targetfilter = "(objectClass=*)")(version 3.0;acl "permission:ALDPRO - Read Event Log Servers";allow (compare,read,search) groupdn = "ldap:///cn=ALDPRO - Read Event Log Servers,cn=permissions,cn=pbac,dc=ald250,dc=pro";)'
- Origin value: b'(targetattr = "*")(targetfilter = "(objectClass=*)")(version 3.0;acl "permission:ALDPRO - Remove Event Log Servers";allow (delete) groupdn = "ldap:///cn=ALDPRO - Remove Event Log Servers,cn=permissions,cn=pbac,dc=ald250,dc=pro";)'
- Origin value: b'(targetattr = "rbtaServiceName || servicerole || cn || rbtasite || objectClass")(targetfilter = "(objectclass=rbta-aldpro-service-instance)")(version 3.0;acl "permission:ALDPRO ROCO Event Log Servers - Read";allow (read,search,compare) groupdn = "ldap:///cn=ALDPRO ROCO Event Log Servers - Read,cn=permissions,cn=pbac,dc=ald250,dc=pro";)'
- Origin value: b'(targetattr = "rbtasite || servicerole")(targetfilter = "(objectClass=*)")(version 3.0;acl "permission:ALDPRO - Modify Event Log Servers";allow (write) groupdn = "ldap:///cn=ALDPRO - Modify Event Log Servers,cn=permissions,cn=pbac,dc=ald250,dc=pro";)'
cn=ALDPRO ROCO Attributes Mapping - Read,cn=privileges,cn=pbac,dc=ald250,dc=pro
-------------------------------------------------------------------------------
- Attribute 'member' is different:
Supplier:
- Value: cn=ALDPRO - Main Administrator,cn=roles,cn=accounts,dc=ald250,dc=pro
- State Info: member;adcsn-68931de1000200040000;vucsn-68931de1000200040000: cn=ALDPRO - Main Administrator,cn=roles,cn=accounts,dc=ald250,dc=pro
- Date: Wed Aug 6 12:18:25 2025
- Value: cn=ALDPRO - Domain Viewer,cn=roles,cn=accounts,dc=ald250,dc=pro
- State Info: member;vucsn-68931de1000200040000: cn=ALDPRO - Domain Viewer,cn=roles,cn=accounts,dc=ald250,dc=pro
- Date: Wed Aug 6 12:18:25 2025
- Value: cn=ALDPRO - Syncer Attributes Mapping Administrators,cn=roles,cn=accounts,dc=ald250,dc=pro
- State Info: member;vucsn-68931de1000200040000: cn=ALDPRO - Syncer Attributes Mapping Administrators,cn=roles,cn=accounts,dc=ald250,dc=pro
- Date: Wed Aug 6 12:18:25 2025
- Value: cn=test_role,cn=roles,cn=accounts,dc=ald250,dc=pro
- State Info: member;vucsn-68931de1000200040000: cn=test_role,cn=roles,cn=accounts,dc=ald250,dc=pro
- Date: Wed Aug 6 12:18:25 2025
Replica:
- Origin value: b'cn=ALDPRO - Domain Viewer,cn=roles,cn=accounts,dc=ald250,dc=pro'
- Origin value: b'cn=ALDPRO - Main Administrator,cn=roles,cn=accounts,dc=ald250,dc=pro'
- Origin value: b'cn=ALDPRO - Syncer Attributes Mapping Administrators,cn=roles,cn=accounts,dc=ald250,dc=pro'
cn=ALDPRO ROCO Attributes Mapping - Manage,cn=privileges,cn=pbac,dc=ald250,dc=pro
---------------------------------------------------------------------------------
- Attribute 'member' is different:
Supplier:
- Value: cn=ALDPRO - Main Administrator,cn=roles,cn=accounts,dc=ald250,dc=pro
- State Info: member;adcsn-68931de0000100040000;vucsn-68931de0000100040000: cn=ALDPRO - Main Administrator,cn=roles,cn=accounts,dc=ald250,dc=pro
- Date: Wed Aug 6 12:18:24 2025
- Value: cn=ALDPRO - Syncer Attributes Mapping Administrators,cn=roles,cn=accounts,dc=ald250,dc=pro
- State Info: member;vucsn-68931de0000100040000: cn=ALDPRO - Syncer Attributes Mapping Administrators,cn=roles,cn=accounts,dc=ald250,dc=pro
- Date: Wed Aug 6 12:18:24 2025
- Value: cn=test_role,cn=roles,cn=accounts,dc=ald250,dc=pro
- State Info: member;vucsn-68931de0000100040000: cn=test_role,cn=roles,cn=accounts,dc=ald250,dc=pro
- Date: Wed Aug 6 12:18:24 2025
Replica:
- Origin value: b'cn=ALDPRO - Main Administrator,cn=roles,cn=accounts,dc=ald250,dc=pro'
- Origin value: b'cn=ALDPRO - Syncer Attributes Mapping Administrators,cn=roles,cn=accounts,dc=ald250,dc=pro'
cn=ALDPRO - Organizational Units Administrators,cn=roles,cn=accounts,dc=ald250,dc=pro
-------------------------------------------------------------------------------------
- Replica missing attribute: "member"
- Supplier's State Info: member;adcsn-68930940000000040000;vucsn-68930940000000040000: uid=testuser,cn=users,cn=accounts,dc=ald250,dc=pro
- Date: Wed Aug 6 10:50:24 2025
fqdn=journal.ald250.pro,cn=computers,cn=accounts,dc=ald250,dc=pro
-----------------------------------------------------------------
- Replica missing attribute: "rbtasubsystemconfigstate"
- Supplier's State Info: rbtaSubsystemConfigState;adcsn-68932eab000000040000;vucsn-68932eab000000040000: {"state": "applied"}
- Date: Wed Aug 6 13:30:03 2025
- Replica missing attribute: "rbtasubsystemconfig"
- Supplier's State Info: rbtaSubsystemConfig;adcsn-6893278e000400040000;vucsn-6893278e000400040000: {"is_master": true}
- Date: Wed Aug 6 12:59:42 2025
- Replica missing attribute: "rbtasubsystemversionald"
- Supplier's State Info: rbtaSubsystemVersionAld;adcsn-6893278e000300040000;vucsn-6893278e000300040000: 2.5.0
- Date: Wed Aug 6 12:59:42 2025
- Replica missing attribute: "rbtasubsystemstate"
- Supplier's State Info: rbtaSubsystemState;adcsn-6893278e000200040000;vucsn-6893278e000200040000: installed
- Date: Wed Aug 6 12:59:42 2025
- Replica missing attribute: "rbtasubsystemmetainfo"
- Supplier's State Info: rbtaSubsystemMetainfo;adcsn-6893278e000100040000;vucsn-6893278e000100040000: {"state": "installed", "location": "hq", "role": "log", "site": "\u0413\u043e\u043b\u043e\u0432\u043d\u043e\u0439 \u043e\u0444\u0438\u0441", "state_created": "20250806095846Z", "state_updated": "20250806095942Z", "version_ald": "2.5.0"}
- Date: Wed Aug 6 12:59:42 2025
- Replica missing attribute: "rbtasubsystemlog"
- Supplier's State Info: rbtaSubsystemLog;adcsn-6893278e000000040000;vucsn-6893278e000000040000: [{"timestamp": "2025-08-06T09:58:46Z", "code": 1, "desc": "\u041e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0430"}, {"timestamp": "2025-08-06T09:59:33.660699Z", "code": 9, "desc": "\u041d\u0430\u0447\u0430\u043b\u0430\u0441\u044c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430"}, {"timestamp": "2025-08-06T09:59:42.119576Z", "code": 2, "desc": "\u0421\u0435\u0440\u0432\u0435\u0440 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d"}]
- Date: Wed Aug 6 12:59:42 2025
- Replica missing attribute: "rbtasubsystemsite"
- Supplier's State Info: rbtaSubsystemSite;vucsn-68932756000000040006:: 0JPQvtC70L7QstC90L7QuSDQvtGE0LjRgQ==
- Date: Wed Aug 6 12:58:46 2025
- Replica missing attribute: "rbtasubsystemrole"
- Supplier's State Info: rbtaSubsystemRole;vucsn-68932756000000040005: log
- Date: Wed Aug 6 12:58:46 2025
- Replica missing attribute: "aldprochangesauthtor"
- Supplier's State Info: aldproChangesAuthtor;vucsn-68932756000000040000: cn=admin_353bd1beb59483655e479012fc,cn=users_history,cn=accounts,dc=ald250,dc=pro
- Date: Wed Aug 6 12:58:46 2025
- Replica missing attribute: "aci"
- Supplier's State Info: aci;vucsn-68932756000200040000: (targetattr = "objectclass || rbtaSubsystemCredentials || rbtaSubsystemMetainfo || rbtaSubsystemLog || rbtaSubsystemConfig || rbtaSubsystemRole || rbtaSubsystemVersionAld || rbtaSubsystemState || rbtaSubsystemConfigState || rbtaSubsystemSite || rbta-csr || rbta-crt")(target = "ldap:///fqdn=journal.ald250.pro,cn=computers,cn=accounts,dc=ald250,dc=pro")(version 3.0;acl "Read on behalf of the host";allow (compare,read,search) userdn = "ldap:///fqdn=journal.ald250.pro,cn=computers,cn=accounts,dc=ald250,dc=pro";)
- Date: Wed Aug 6 12:58:46 2025
- Supplier's State Info: aci;vucsn-68932756000300040000: (targetattr = "rbtaSubsystemCredentials || rbtaSubsystemMetainfo || rbtaSubsystemLog || rbtaSubsystemConfig || rbtaSubsystemVersionAld || rbtaSubsystemState || rbtaSubsystemConfigState || rbta-csr || rbta-crt")(target = "ldap:///fqdn=journal.ald250.pro,cn=computers,cn=accounts,dc=ald250,dc=pro")(version 3.0;acl "Write on behalf of the host";allow (add,write,delete) userdn = "ldap:///fqdn=journal.ald250.pro,cn=computers,cn=accounts,dc=ald250,dc=pro";)
- Date: Wed Aug 6 12:58:46 2025
- Attribute 'objectclass' is different:
Supplier:
- Value: ipaobject
- State Info: objectClass;adcsn-68932756000000040001;vucsn-68932756000000040001: ipaobject
- Date: Wed Aug 6 12:58:46 2025
- Value: ieee802device
- State Info: objectClass;vucsn-68932756000000040001: ieee802device
- Date: Wed Aug 6 12:58:46 2025
- Value: ipaSshGroupOfPubKeys
- State Info: objectClass;vucsn-68932756000000040001: ipaSshGroupOfPubKeys
- Date: Wed Aug 6 12:58:46 2025
- Value: ipahost
- State Info: objectClass;vucsn-68932756000000040001: ipahost
- Date: Wed Aug 6 12:58:46 2025
- Value: ipaservice
- State Info: objectClass;vucsn-68932756000000040001: ipaservice
- Date: Wed Aug 6 12:58:46 2025
- Value: ipasshhost
- State Info: objectClass;vucsn-68932756000000040001: ipasshhost
- Date: Wed Aug 6 12:58:46 2025
- Value: krbprincipal
- State Info: objectClass;vucsn-68932756000000040001: krbprincipal
- Date: Wed Aug 6 12:58:46 2025
- Value: krbprincipalaux
- State Info: objectClass;vucsn-68932756000000040001: krbprincipalaux
- Date: Wed Aug 6 12:58:46 2025
- Value: nshost
- State Info: objectClass;vucsn-68932756000000040001: nshost
- Date: Wed Aug 6 12:58:46 2025
- Value: pkiuser
- State Info: objectClass;vucsn-68932756000000040001: pkiuser
- Date: Wed Aug 6 12:58:46 2025
- Value: rbta-address
- State Info: objectClass;vucsn-68932756000000040001: rbta-address
- Date: Wed Aug 6 12:58:46 2025
- Value: rbta-subsystem
- State Info: objectClass;vucsn-68932756000000040001: rbta-subsystem
- Date: Wed Aug 6 12:58:46 2025
- Value: rbta-subsystem-pkiproxy
- State Info: objectClass;vucsn-68932756000000040001: rbta-subsystem-pkiproxy
- Date: Wed Aug 6 12:58:46 2025
- Value: rbta-unit
- State Info: objectClass;vucsn-68932756000000040001: rbta-unit
- Date: Wed Aug 6 12:58:46 2025
- Value: top
- State Info: objectClass;vucsn-68932756000000040001: top
- Date: Wed Aug 6 12:58:46 2025
Replica:
- Origin value: ieee802device
- Origin value: ipasshgroupofpubkeys
- Origin value: ipahost
- Origin value: ipaobject
- Origin value: ipaservice
- Origin value: ipasshhost
- Origin value: krbprincipal
- Origin value: krbprincipalaux
- Origin value: nshost
- Origin value: pkiuser
- Origin value: rbta-address
- Origin value: rbta-unit
- Origin value: top
cn=repl keep alive 4,dc=ald250,dc=pro
-------------------------------------
- Attribute 'keepalivetimestamp' is different:
Supplier:
- Value: 20250806123737Z
- State Info: keepalivetimestamp;adcsn-68934c91000000040000;vucsn-68934c91000000040000: 20250806123737Z
- Date: Wed Aug 6 15:37:37 2025
Replica:
- Value: 20250805093737Z
- State Info: keepalivetimestamp;adcsn-6891d0e1000000040000;vucsn-6891d0e1000000040000: 20250805093737Z
- Date: Tue Aug 5 12:37:37 2025
dnaHostname=dc01.ald250.pro+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=ald250,dc=pro
---------------------------------------------------------------------------------------------
- Attribute 'dnaremainingvalues' is different:
Supplier:
- Value: 100489
- State Info: dnaRemainingValues;adcsn-6891e339000000040000;vucsn-6891e339000000040000: 100489
- Date: Tue Aug 5 13:55:53 2025
Replica:
- Value: 199992
- State Info: dnaRemainingValues;adcsn-6891d7ae000100040000;vucsn-6891d7ae000100040000: 199992
- Date: Tue Aug 5 13:06:38 2025
uid=testuser,cn=users,cn=accounts,dc=ald250,dc=pro
--------------------------------------------------
- Attribute 'telephonenumber' is different:
Supplier:
- Value: +111111111
- State Info: telephoneNumber;adcsn-6891f9fa000000040000;vucsn-6891f9fa000000040000: +111111111
- Date: Tue Aug 5 15:32:58 2025
Replica:
- Value: +33333333
- State Info: telephoneNumber;adcsn-6891f9de000000030000;vucsn-6891f9de000000030000: +33333333
- Date: Tue Aug 5 15:32:30 2025
uid=conflict_user,cn=users,cn=accounts,dc=ald250,dc=pro
-------------------------------------------------------
- Attribute 'ipantsecurityidentifier' is different:
Supplier:
- Value: S-1-5-21-196329585-3226835358-3389735258-1010
- State Info: ipaNTSecurityIdentifier;adcsn-6891e316000800040001;vucsn-6891e316000800040001: S-1-5-21-196329585-3226835358-3389735258-1010
- Date: Tue Aug 5 13:55:18 2025
Replica:
- Value: S-1-5-21-196329585-3226835358-3389735258-101500
- State Info: ipaNTSecurityIdentifier;adcsn-6891e339000c00030001;vucsn-6891e339000c00030001: S-1-5-21-196329585-3226835358-3389735258-101500
- Date: Tue Aug 5 13:55:53 2025
- Attribute 'krbextradata' is different:
Supplier:
- Value:
- State Info: krbExtraData;adcsn-6891e316000300040000;vucsn-6891e316000300040000:: AAIV45Focm9vdC9hZG1pbkBBTEQyNTAuUFJPAA==
- Date: Tue Aug 5 13:55:18 2025
Replica:
- Value:
- State Info: krbExtraData;adcsn-6891e339000500030000;vucsn-6891e339000500030000:: AAI445Focm9vdC9hZG1pbkBBTEQyNTAuUFJPAA==
- Date: Tue Aug 5 13:55:53 2025
- Attribute 'krblastpwdchange' is different:
Supplier:
- Value: 20250805105517Z
- State Info: krbLastPwdChange;vucsn-6891e316000200040001: 20250805105517Z
- Date: Tue Aug 5 13:55:18 2025
Replica:
- Value: 20250805105552Z
- State Info: krbLastPwdChange;vucsn-6891e339000400030001: 20250805105552Z
- Date: Tue Aug 5 13:55:53 2025
- Attribute 'krbpasswordexpiration' is different:
Supplier:
- Value: 20250805105517Z
- State Info: krbPasswordExpiration;vucsn-6891e316000200040000: 20250805105517Z
- Date: Tue Aug 5 13:55:18 2025
Replica:
- Value: 20250805105552Z
- State Info: krbPasswordExpiration;vucsn-6891e339000400030000: 20250805105552Z
- Date: Tue Aug 5 13:55:53 2025
- Attribute 'givenname' is different:
Supplier:
- Value: conflict
- State Info: givenName;vucsn-6891e316000000040000: conflict
- Date: Tue Aug 5 13:55:18 2025
Replica:
- Value: conflicted
- State Info: givenName;vucsn-6891e339000100030000: conflicted
- Date: Tue Aug 5 13:55:53 2025
- Attribute 'cn' is different:
Supplier:
- Value: conflict User
- State Info: cn;vucsn-6891e316000000040000: conflict User
- Date: Tue Aug 5 13:55:18 2025
Replica:
- Value: conflicted User
- State Info: cn;vucsn-6891e339000100030000: conflicted User
- Date: Tue Aug 5 13:55:53 2025
- Attribute 'displayname' is different:
Supplier:
- Value: conflict User
- State Info: displayName;vucsn-6891e316000000040000: conflict User
- Date: Tue Aug 5 13:55:18 2025
Replica:
- Value: conflicted User
- State Info: displayName;vucsn-6891e339000100030000: conflicted User
- Date: Tue Aug 5 13:55:53 2025
- Attribute 'gecos' is different:
Supplier:
- Value: conflict User
- State Info: gecos;vucsn-6891e316000000040000: conflict User
- Date: Tue Aug 5 13:55:18 2025
Replica:
- Value: conflicted User
- State Info: gecos;vucsn-6891e339000100030000: conflicted User
- Date: Tue Aug 5 13:55:53 2025
- Attribute 'userpassword' is different:
Supplier:
- Value: {PBKDF2-SHA512}10000$+mn7IoPU4om7kLc9I3PS1opkiHJteGzy$uEHe5EuvMJ4c4KOukivH8+46Ohqvx8PuvSamj18k3uQnzgZ1KBl7brBq4yEGzxJc5Y6Ssl0hkxDZ2D0cMPCOLA==
- State Info: userPassword;vucsn-6891e316000000040000: {PBKDF2-SHA512}10000$+mn7IoPU4om7kLc9I3PS1opkiHJteGzy$uEHe5EuvMJ4c4KOukivH8+46Ohqvx8PuvSamj18k3uQnzgZ1KBl7brBq4yEGzxJc5Y6Ssl0hkxDZ2D0cMPCOLA==
- Date: Tue Aug 5 13:55:18 2025
Replica:
- Value: {PBKDF2-SHA512}10000$uPEJ8l/mnTsjJkckyxqqJRIQx/X2OrOI$Wzm9wddHKCb9JOLl4UVQLUk/czorLTUqEOYE6QBT/l4t+B+pXgJ8xXrVmkdnKYyREYmXrpf2XyNPsOoEbzbz8A==
- State Info: userPassword;vucsn-6891e339000100030000: {PBKDF2-SHA512}10000$uPEJ8l/mnTsjJkckyxqqJRIQx/X2OrOI$Wzm9wddHKCb9JOLl4UVQLUk/czorLTUqEOYE6QBT/l4t+B+pXgJ8xXrVmkdnKYyREYmXrpf2XyNPsOoEbzbz8A==
- Date: Tue Aug 5 13:55:53 2025
- Attribute 'ipauniqueid' is different:
Supplier:
- Value: acbf75f2-71ea-11f0-8dec-02000a452902
- State Info: ipaUniqueID;vucsn-6891e316000000040000: acbf75f2-71ea-11f0-8dec-02000a452902
- Date: Tue Aug 5 13:55:18 2025
Replica:
- Value: c173c7be-71ea-11f0-a685-02000a452904
- State Info: ipaUniqueID;vucsn-6891e339000100030000: c173c7be-71ea-11f0-a685-02000a452904
- Date: Tue Aug 5 13:55:53 2025
- Attribute 'krbprincipalkey' is different:
Supplier:
- Origin value: b'0\x81\xde\xa0\x03\x02\x01\x01\xa1\x03\x02\x01\x01\xa2\x03\x02\x01\x01\xa3\x03\x02\x01\x01\xa4\x81\xc70\x81\xc40h\xa0\x1b0\x19\xa0\x03\x02\x01\x04\xa1\x12\x04\x10eYQb_EFC-)X>eHD7\xa1I0G\xa0\x03\x02\x01\x12\xa1@\x04> \x00\xcd\xb1\xeaE5Atv\xf9\xc2`\xeb\x97\xbe\xd3;\xc5T\x01\x14b\xd2\xb1\xe6\'\xff|^\x85lL\x10/`\xb3Q\x8c\x95O\x87\xd1\xb4ox!.\xed\x0f8\xd7Wf")\xbba+\x1e/10X\xa0\x1b0\x19\xa0\x03\x02\x01\x04\xa1\x12\x04\x10MF{=:)VKQ|fEio>-\xa1907\xa0\x03\x02\x01\x11\xa10\x04.\x10\x00\xcd\xdd\x0f\x88e\x9c:\xdf\xab\xf5\xee+]"z\x838\xc8\x03\xc40\x0f\x8c3\xe4}\tn\x0et\x8b\x13\x86OR\xc7~\x95:\xd2\x0e"\x14\xa1'
Replica:
- Origin value: b'0\x81\xde\xa0\x03\x02\x01\x01\xa1\x03\x02\x01\x01\xa2\x03\x02\x01\x01\xa3\x03\x02\x01\x01\xa4\x81\xc70\x81\xc40h\xa0\x1b0\x19\xa0\x03\x02\x01\x04\xa1\x12\x04\x10cB:8<=Y-PH|B4*+k\xa1I0G\xa0\x03\x02\x01\x12\xa1@\x04> \x00_\x1b\x16\x9f\xb4\x8c\xeb\x8b\x8c5uA\xcdK\x02\xa4\xddId\xe3\x9b!\xcf\xe1\xfa\xdb~\xfe\xf9F\xa9j\xdf\x14\xc7\x05\xd9\xe9\xf8\xbe\x03\xc9&\x8f\xea\xb4\xact\xfb\xcf:j\xb8W>GO\x02\xfe\x1b0X\xa0\x1b0\x19\xa0\x03\x02\x01\x04\xa1\x12\x04\x1050QY-;1sSPVip&U$\xa1907\xa0\x03\x02\x01\x11\xa10\x04.\x10\x00Y\xcd\xc4\xb7`2W&\xea\xbal0\x8a\xa0\x87\xa0\x8d\xd8\x85\x9b\xfd\xc4\xe4\xe8\x98\xff\xb0\xa4\x18\x19\x99\x14\xf0\xa9d${\x9e\x95Es\xd1\xb4\xa4'
- Attribute 'uidnumber' is different:
Supplier:
- Origin value: b'1213200010'
Replica:
- Origin value: b'1213300500'
- Attribute 'gidnumber' is different:
Supplier:
- Origin value: b'1213200010'
Replica:
- Origin value: b'1213300500'
cn=conflict_user,cn=groups,cn=accounts,dc=ald250,dc=pro
-------------------------------------------------------
- Attribute 'gidnumber' is different:
Supplier:
- Value: 1213200010
- State Info: gidNumber;vucsn-6891e316000400040000: 1213200010
- Date: Tue Aug 5 13:55:18 2025
Replica:
- Value: 1213300500
- State Info: gidNumber;vucsn-6891e339000600030000: 1213300500
- Date: Tue Aug 5 13:55:53 2025
- Attribute 'ipauniqueid' is different:
Supplier:
- Value: accda578-71ea-11f0-8dec-02000a452902
- State Info: ipaUniqueID;vucsn-6891e316000400040000: accda578-71ea-11f0-8dec-02000a452902
- Date: Tue Aug 5 13:55:18 2025
Replica:
- Value: c1a7f6d8-71ea-11f0-a685-02000a452904
- State Info: ipaUniqueID;vucsn-6891e339000600030000: c1a7f6d8-71ea-11f0-a685-02000a452904
- Date: Tue Aug 5 13:55:53 2025
Result
=====================================================
There are replication differences between Supplier and Replica |
...
| Блок кода |
|---|
base_dn=$(ldapsearch -Q -LLL -s base | awk '/^dn:/{print $2}')
password="<PASSWORD>"
# Для пользователей
ipa-replica-manage list 2>/dev/null | grep -E '^[a-zA-Z0-9.-]+:' | awk -F: '{print $1}' | xargs -I{} bash -c 'echo "=== Проверка пользователей на реплике: {} ==="; ldapsearch -x -h {} -b "cn=users,cn=accounts,'"$base_dn"'" -s onelevel -D "cn=Directory Manager" -w "'"$password"'" "(uid=*)" dn 2>/dev/null | grep -c "^dn:" || echo "Ошибка подключения к {}"'
# Для компьютеров
ipa-replica-manage list 2>/dev/null | grep -E '^[a-zA-Z0-9.-]+:' | awk -F: '{print $1}' | xargs -I{} bash -c 'echo "=== Проверка компьютеров на реплике: {} ==="; ldapsearch -x -h {} -b "cn=computers,cn=accounts,'"$base_dn"'" -s onelevel -D "cn=Directory Manager" -w "'"$password"'" "(fqdn=*)" dn 2>/dev/null | grep -c "^dn:" || echo "Ошибка подключения к {}"'
# Для подразделений
ipa-replica-manage list 2>/dev/null | grep -E '^[a-zA-Z0-9.-]+:' | awk -F: '{print $1}' | xargs -I{} bash -c 'echo "=== Проверка подразделений на реплике: {} ==="; ldapsearch -x -h {} -b "cn=orgunits,cn=accounts,'"$base_dn"'" -s onelevel -D "cn=Directory Manager" -w "'"$password"'" "(ou=*)" dn 2>/dev/null | grep -c "^dn:" || echo "Ошибка подключения к {}"' |
Где <PASSWORD> - пароль УЗ учетной записи Directory Manager.Получение
Получение векторов репликации (Replica Update Vectors
...
, RUV)
...
sudo
...
ipa-replica-manage
...
list-ruv
Проверка статуса репликации между всеми серверами
...
dsconf
...
$(ldapsearch
...
-Q
...
-LLL
...
-s
...
base
...
|
...
awk
...
'/nisDomain:/{gsub(/\./,"-",$2);
...
...
toupper($2)}')
...
replication
...
monitor
На вопрос Enter a bind DN for <server>:389 ответьте cn="Directory Manager"
Вывести информацию о группе узлов ipaservers
...
| Блок кодаcommand |
|---|
| ipa hostgroup-show ipaservers |
Удаление всех конфликтов
...
| Предупреждение |
|---|
Данная команда удалит все конфликты, но данные могут быть повреждены! |
| Блок кодаcommand |
|---|
| domain=$(ldapsearch -Q -LLL -s base | awk '/nisDomain:/{gsub(/\./,"-",$2); print toupper($2)}'); dsconf $domain repl-conflict list $(ldapsearch -Q -LLL -s base | awk '/^dn:/{print $2}') | awk '/^dn: /{print substr($0,5)}' | xargs -I [] dsconf $domain repl-conflict delete [] |
Заключение
Регулярный мониторинг и соблюдение рекомендаций по разрешению конфликтов помогут избежать проблем с согласованностью данных.