Problem: UCS Replication Fails

Knowledge Base Community
, , ,
#1

Problem:

The replication check returns a failure in replication.

root@ucs:~# /usr/lib/nagios/plugins/check_univention_replication
CRITICAL: no change of listener transaction id for last 0 checks (nid=3030 lid=3018)

You tried to fix the issue based on this article but you are getting an error “failed.ldif found. Aborting”. Trying to fix with this article did not help.

Environment

LDAP-Server (slapd) and univention-directory-listener did not start correctly. /var/log/syslog shows:

Nov  4 08:27:45 UCSDC-HB-02 logger: /etc/init.d/slapd stop (pid: 30236, ppid:    1 systemd)
Nov  4 08:27:45 UCSDC-HB-02 slapd[30236]: Stopping ldap server(s): slapd ...done.
Nov  4 08:27:45 UCSDC-HB-02 logger: /etc/init.d/slapd start (pid: 30250, ppid:    1 systemd)
Nov  4 08:27:45 UCSDC-HB-02 slapd[30263]: @(#) $OpenLDAP: slapd  (Jul 26 2017 09:40:57) $#012#011pbuser@ladda:/var/build/temp/tmp.snpZzuH2bm/pbuilder/openldap-2.4.42+dfsg/debian/build/servers/slapd
Nov  4 08:27:46 UCSDC-HB-02 slapd[30250]: Starting ldap server(s): slapd ...done.
Nov  4 08:27:49 UCSDC-HB-02 slapd[30250]: Found failed.ldif. Importing ...failed.

Solution

Step 1:

Check listener.log
/var/log/univention/listener.log shows:
Note: You might need to increase listener loglevel.

Try to sync changes stored in /var/lib/univention-directory-replication/failed.ldif into local LDAP
Shutting down univention-directory-listener.
UNIVENTION_DEBUG_BEGIN  : [...]
UNIVENTION_DEBUG_END    : [...]
 .04.11.19 09:08:37.165  LISTENER    ( WARN    ) : received signal 15 . . . . DONE.
replay stored changes ...
some DNs have failed and have to be synced manually:
cn=UCS,cn=dc,cn=computers,dc=multi,dc=ucs
You can find the failed modifications in /tmp/fileKKL0lO
Check them for being sync with the master-LDAP, then delete /var/lib/univention-directory-replication/failed.ldif and start the listener again typing:
/etc/init.d/univention-directory-listener start

Step 2:

Check the file mentioned in the logfile above (/tmp/fileKKL0lO) for information:

# Error: Undefined attribute type (17), additional info: memberOf: attribute type undefined
dn: cn=UCS,cn=dc,cn=computers,dc=multi,dc=ucs
changetype: modify
delete: memberOf

Step 3:

Install the missing attrtibute

rm /var/lib/univention-directory-replication/failed.ldif
apt update
univention-install univention-ldap-overlay-memberof

Step 4

Restart LDAP and listener:

systemctl restart slapd univention-directory-listener

Mastodon