How to reset Listener / Notifier replication


In case severe inconsistency or corruption has be detected for the translog file we recommend to reset the replication for all systems in the domain. Please note that this is a major operation and will induce temporary downtimes for all services in the UCS domain.

These steps described in this article only apply to you, if you are sure, that the LDAP replication in your UCS domain has severe inconsistencies. Make sure to first follow the analysis described in

before continuing with this article.


Step 1: Reset LDAP transaction status on the UCS Master

As a first step, stop the LDAP-Server slapd, univention-directory-notifier (UDN) and univention-directory-listener (UDL) on all servers by logging in as root on each server and running

service slapd stop
service univention-directory-notifier stop
service univention-directory-listener stop

On Member servers there is only the listener running.

On the UCS Master run the following commands to reset the replication counters:
Note: You might download the script (1.2 KB) and start it with python

python -c "
from os import unlink
from os.path import getsize
from subprocess import Popen, PIPE
from univention.config_registry import ConfigRegistry

ucr = ConfigRegistry()

# get last transaction ID from UDL
p = Popen(['/usr/sbin/univention-directory-listener-dump', '-i'], stdout=PIPE)
stdout, stderr = p.communicate()
lid = nid = last_id = int(stdout.split()[0])

# get first and last transaction ID of pending transactions (not yet processed by UDN)
if getsize('/var/lib/univention-ldap/listener/listener') > 0:
    with open('/var/lib/univention-ldap/listener/listener') as f:
        first = f.readline()
        head, tail = first.split(' ', 1)
        nid = int(head)
        for line in f:
        head, tail = line.split(' ', 1)
        last_id = int(head)

# Fill transaction file with dummy entries for missing transactions
with open('/var/lib/univention-ldap/notify/transaction', 'w') as f:
    for id in xrange(lid, nid):
        f.write('%d %s m\n' % (id, ucr['ldap/base']))

# Write last transaction ID for slapd
with open('/var/lib/univention-ldap/last_id', 'w') as f:

# Force UDN to re-build index

Sine UCS 4.3-3 erratum 426 the transactions must also be re-imported into the cn=translog database:

/usr/share/univention-ldap/setup-translog init --force
service slapd start
/usr/share/univention-directory-notifier/univention-translog import

Now the translog should be ok again. Optionally this can be checked be running

/usr/share/univention-directory-notifier/univention-translog check --skip-services

After this, the remaining services UDN and UDL need to be started again:

service slapd start
service univention-directory-notifier start
service univention-directory-listener start

Step 2: Rejoin all systems

Next all other UCS servers need to be joined again. It is a good idea to start re-joining with the UCS Backup systems in the domain and continue with UCS Slave and Memberserver systems. On all system roles this can be achieved by running univention-join.

1 Like