search

abbra / freeipa

Mirror of FreeIPA, an integrated security information management solution
http://www.freeipa.org
GNU General Public License v3.0
2 stars 1 forks source link

gc-wip: user is recreated on every start of sync daemon #56

Closed wladich closed 4 years ago

wladich commented 4 years ago

Note: this does not apply to users created before first run of ipa-adtrust-install

Steps:

# printf '[global]\ndebug=True' > /etc/ipa/globalcatalog.conf
# ipa-adtrust-install -U -a Secret123 --add-sids
...
# ipa user-add user1 --first First --last User
[see log 1]
# systemctl stop ipa-gcsyncd.service
# rm -f /var/log/ipa/globalcatalog.log
# systemctl start ipa-gcsyncd.service
[see log 2]
# systemctl stop ipa-gcsyncd.service
# rm -f /var/log/ipa/globalcatalog.log
# systemctl start ipa-gcsyncd.service
[see log 3]

log 1:

... skipping plugin importing
2020-10-14T09:26:10Z    33787   MainThread  ipa-gcsyncd DEBUG   LDAP URL: ldapi://%2Frun%2Fslapd-TESTRELM-TEST.socket/cn%3Daccounts%2Cdc%3Dtestrelm%2Cdc%3Dtest?objectclass,cn,displayname,gidnumber,givenname,homedirectory,ipaexternalmember,ipantsecurityidentifier,ipauniqueid,krbcanonicalname,krbprincipalname,mail,member,memberof,sn,uid,uidnumber?sub?%28%7C%28objectClass%3Dgroupofnames%29%28objectClass%3Dperson%29%29
2020-10-14T09:26:10Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   get_saved_cookie
2020-10-14T09:26:10Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   New cookie is: None
2020-10-14T09:26:10Z    33787   MainThread  ipa-gcsyncd INFO    LDAP bind...
2020-10-14T09:26:10Z    33787   MainThread  ipa-gcsyncd INFO    Commencing sync process
2020-10-14T09:26:10Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Current cookie is: None
2020-10-14T09:26:10Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Detected add of entry: uid=admin,cn=users,cn=accounts,dc=testrelm,dc=test 6c4ffb28-0dfd-11eb-8275-d1d29acf4d90
2020-10-14T09:26:10Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   user_add uid=admin,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:10Z    33787   MainThread  ipapython.ipaldap   DEBUG   retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-TESTRELM-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f279a603820>
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Adding user to the Global Catalog 
dn: CN=Administrator,CN=Users,dc=testrelm,dc=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: ad-top
objectClass: ad-organizationalPerson
objectClass: user
objectClass: securityPrincipal
objectClass: posixAccount
objectClass: inetUser
objectClass: gcobject
cn: Administrator
sn: Administrator
instanceType: 4
name: Administrator
objectGUID:: bOToeA39EeuzmlJUAJrKUA==
userAccountControl: 66048
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA193Ho+cULaC6bIqW9AEAAA==
sAMAccountName: admin
sAMAccountType: 805306368
userPrincipalName: admin@TESTRELM.TEST
objectCategory: CN=Person,CN=Schema,CN=Configuration,dc=testrelm,dc=test
uidnumber: 970400000
gidnumber: 970400000
uid: admin
homeDirectory: /home/admin
memberof: cn=admins,cn=users,dc=testrelm,dc=test
memberof: cn=Replication Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test
memberof: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Read DNA Range,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Host Enrollment,cn=privileges,cn=pbac,dc=testrelm,dc=test
memberof: cn=System: Add krbPrincipalName to a Host,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=System: Enroll a Host,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=System: Manage Host Certificates,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=System: Manage Host Enrollment Password,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=System: Manage Host Keytab,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=System: Manage Host Principals,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=trust admins,cn=users,dc=testrelm,dc=test
nTSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO)
gcuuid: 6c4ffb28-0dfd-11eb-8275-d1d29acf4d90
2020-10-14T09:26:11Z    33787   MainThread  ipapython.ipaldap   DEBUG   retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-GLOBAL-CATALOG.socket conn=<ldap.ldapobject.ReconnectLDAPObject object at 0x7f279a603970>
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Detected add of entry: cn=admins,cn=groups,cn=accounts,dc=testrelm,dc=test 6c4ffb29-0dfd-11eb-8275-d1d29acf4d90
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   group_add cn=admins,cn=groups,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Adding group to the Global Catalog dn: CN=admins,CN=Users,dc=testrelm,dc=test
objectClass: top
objectClass: ad-top
objectClass: group
objectClass: securityprincipal
objectClass: nsmemberof
objectClass: gcobject
cn: admins
instanceType: 4
name: admins
objectGUID:: bP467g39Eeu8CVJUAJrKUA==
objectSid:: AQUAAAAAAAUVAAAA193Ho+cULaC6bIqWAAIAAA==
sAMAccountName:  admins
sAMAccountType: 268435456
objectCategory: CN=Group,CN=Schema,CN=Configuration,dc=testrelm,dc=test
ntsecuritydescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
member: CN=Administrator,CN=Users,dc=testrelm,dc=test
memberof: cn=Replication Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=test
memberof: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Read DNA Range,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=Host Enrollment,cn=privileges,cn=pbac,dc=testrelm,dc=test
memberof: cn=System: Add krbPrincipalName to a Host,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=System: Enroll a Host,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=System: Manage Host Certificates,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=System: Manage Host Enrollment Password,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=System: Manage Host Keytab,cn=permissions,cn=pbac,dc=testrelm,dc=test
memberof: cn=System: Manage Host Principals,cn=permissions,cn=pbac,dc=testrelm,dc=test
groupType: -2147483646
gcuuid: 6c4ffb29-0dfd-11eb-8275-d1d29acf4d90
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Detected add of entry: cn=ipausers,cn=groups,cn=accounts,dc=testrelm,dc=test 6c4ffb2a-0dfd-11eb-8275-d1d29acf4d90
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   group_add cn=ipausers,cn=groups,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Adding group to the Global Catalog dn: CN=ipausers,CN=Users,dc=testrelm,dc=test
objectClass: top
objectClass: ad-top
objectClass: group
objectClass: securityprincipal
objectClass: nsmemberof
objectClass: gcobject
cn: ipausers
instanceType: 4
name: ipausers
objectGUID:: bQxeYg39Eeudl1JUAJrKUA==
objectSid:: AQQAAAALQxFiXgxt6xH9DVRSl51QypoA
sAMAccountName:  ipausers
sAMAccountType: 268435456
objectCategory: CN=Group,CN=Schema,CN=Configuration,dc=testrelm,dc=test
ntsecuritydescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
groupType: 2
gcuuid: 6c4ffb2a-0dfd-11eb-8275-d1d29acf4d90
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Detected add of entry: cn=editors,cn=groups,cn=accounts,dc=testrelm,dc=test 6c4ffb2b-0dfd-11eb-8275-d1d29acf4d90
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   group_add cn=editors,cn=groups,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Adding group to the Global Catalog dn: CN=editors,CN=Users,dc=testrelm,dc=test
objectClass: top
objectClass: ad-top
objectClass: group
objectClass: securityprincipal
objectClass: nsmemberof
objectClass: gcobject
cn: editors
instanceType: 4
name: editors
objectGUID:: bQ2ZqA39EeukPVJUAJrKUA==
objectSid:: AQUAAAAAAAUVAAAA193Ho+cULaC6bIqW6gMAAA==
sAMAccountName:  editors
sAMAccountType: 268435456
objectCategory: CN=Group,CN=Schema,CN=Configuration,dc=testrelm,dc=test
ntsecuritydescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
groupType: -2147483646
gcuuid: 6c4ffb2b-0dfd-11eb-8275-d1d29acf4d90
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Dropping syncrepl_entry for user cn=ipaservers,cn=hostgroups,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Dropping syncrepl_entry for user cn=helpdesk,cn=roles,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Dropping syncrepl_entry for user cn=User Administrator,cn=roles,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Dropping syncrepl_entry for user cn=IT Specialist,cn=roles,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Dropping syncrepl_entry for user cn=IT Security Specialist,cn=roles,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Dropping syncrepl_entry for user cn=Security Architect,cn=roles,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Dropping syncrepl_entry for user cn=Enrollment Administrator,cn=roles,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Detected add of entry: cn=trust admins,cn=groups,cn=accounts,dc=testrelm,dc=test e4b6bc57-0dfd-11eb-8275-d1d29acf4d90
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   group_add cn=trust admins,cn=groups,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Adding group to the Global Catalog dn: CN=trust admins,CN=Users,dc=testrelm,dc=test
objectClass: top
objectClass: ad-top
objectClass: group
objectClass: securityprincipal
objectClass: nsmemberof
objectClass: gcobject
cn: trust admins
instanceType: 4
name: trust admins
objectGUID:: 6Hb40g39EeuNNlJUAJrKUA==
objectSid:: AQQAAAALQxHS+Hbo6xH9DVRSNo1QypoA
sAMAccountName:  trust admins
sAMAccountType: 268435456
objectCategory: CN=Group,CN=Schema,CN=Configuration,dc=testrelm,dc=test
ntsecuritydescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
member: CN=Administrator,CN=Users,dc=testrelm,dc=test
groupType: 2
gcuuid: e4b6bc57-0dfd-11eb-8275-d1d29acf4d90
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   New cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#160
2020-10-14T09:26:11Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    INFO    Initial LDAP dump is done, now synchronizing with GC
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Detected add of entry: uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test 4592c428-0dff-11eb-8275-d1d29acf4d90
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   user_add uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    ERROR   Failed to create GC entry based on uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test (Unable to create SID, missing data)
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   New cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#164
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Detected add of entry: uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test 4592c428-0dff-11eb-8275-d1d29acf4d90
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   user_add uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    ERROR   Failed to create GC entry based on uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test (Unable to create SID, missing data)
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   New cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#164
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Detected add of entry: uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test 4592c428-0dff-11eb-8275-d1d29acf4d90
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   user_add uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    ERROR   Failed to create GC entry based on uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test (Unable to create SID, missing data)
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   New cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#166
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Detected add of entry: uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test 4592c428-0dff-11eb-8275-d1d29acf4d90
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   user_add uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    ERROR   Failed to create GC entry based on uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test (Unable to create SID, missing data)
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   New cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#166
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Detected modify of entry: cn=ipausers,cn=groups,cn=accounts,dc=testrelm,dc=test 6c4ffb2a-0dfd-11eb-8275-d1d29acf4d90
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   group_sync cn=ipausers,cn=groups,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Syncing group in the Global Catalog (del+add)
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   group_del cn=ipausers,cn=groups,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Deleting group from the Global Catalog CN=ipausers,CN=Users,dc=testrelm,dc=test
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   group_add cn=ipausers,cn=groups,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Adding group to the Global Catalog dn: CN=ipausers,CN=Users,dc=testrelm,dc=test
objectClass: top
objectClass: ad-top
objectClass: group
objectClass: securityprincipal
objectClass: nsmemberof
objectClass: gcobject
cn: ipausers
instanceType: 4
name: ipausers
objectGUID:: bQxeYg39Eeudl1JUAJrKUA==
objectSid:: AQQAAAALQxFiXgxt6xH9DVRSl51QypoA
sAMAccountName:  ipausers
sAMAccountType: 268435456
objectCategory: CN=Group,CN=Schema,CN=Configuration,dc=testrelm,dc=test
ntsecuritydescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
member: CN=First User,CN=Users,dc=testrelm,dc=test
groupType: 2
gcuuid: 6c4ffb2a-0dfd-11eb-8275-d1d29acf4d90
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   New cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#4294967295
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Ignoring cookie value
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Detected add of entry: uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test 4592c428-0dff-11eb-8275-d1d29acf4d90
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   user_add uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Adding user to the Global Catalog 
dn: CN=First User,CN=Users,dc=testrelm,dc=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: ad-top
objectClass: ad-organizationalPerson
objectClass: user
objectClass: securityPrincipal
objectClass: posixAccount
objectClass: inetUser
objectClass: gcobject
cn: First User
sn: User
givenName: First
instanceType: 4
displayName: First User
name: First User
objectGUID:: UGjBkA3/EeuOtlJUAJrKUA==
userAccountControl: 66048
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA193Ho+cULaC6bIqW6wMAAA==
sAMAccountName: user1
sAMAccountType: 805306368
userPrincipalName: user1@TESTRELM.TEST
objectCategory: CN=Person,CN=Schema,CN=Configuration,dc=testrelm,dc=test
mail: user1@testrelm.test
uidnumber: 970400003
gidnumber: 970400003
uid: user1
homeDirectory: /home/user1
memberof: cn=ipausers,cn=users,dc=testrelm,dc=test
nTSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO)
gcuuid: 4592c428-0dff-11eb-8275-d1d29acf4d90
2020-10-14T09:26:18Z    33787   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   New cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#167

log 2:

2020-10-14T09:28:26Z    33823   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   get_saved_cookie
2020-10-14T09:28:26Z    33823   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Read cookie master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#167
2020-10-14T09:28:26Z    33823   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   New cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#167
2020-10-14T09:28:26Z    33823   MainThread  ipa-gcsyncd INFO    LDAP bind...
2020-10-14T09:28:26Z    33823   MainThread  ipa-gcsyncd INFO    Commencing sync process
2020-10-14T09:28:26Z    33823   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Current cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#167
2020-10-14T09:28:26Z    33823   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Detected modify of entry: uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test 4592c428-0dff-11eb-8275-d1d29acf4d90
2020-10-14T09:28:26Z    33823   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   user_sync uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:28:26Z    33823   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Syncing user in the Global Catalog (del+add)
2020-10-14T09:28:26Z    33823   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   user_del uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:28:26Z    33823   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Deleting user from the Global Catalog CN=First User,CN=Users,dc=testrelm,dc=test
2020-10-14T09:28:26Z    33823   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   user_add uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:28:26Z    33823   MainThread  ipapython.ipaldap   DEBUG   retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-TESTRELM-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f24527b7d00>
2020-10-14T09:28:26Z    33823   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Adding user to the Global Catalog 
dn: CN=First User,CN=Users,dc=testrelm,dc=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: ad-top
objectClass: ad-organizationalPerson
objectClass: user
objectClass: securityPrincipal
objectClass: posixAccount
objectClass: inetUser
objectClass: gcobject
cn: First User
sn: User
givenName: First
instanceType: 4
displayName: First User
name: First User
objectGUID:: UGjBkA3/EeuOtlJUAJrKUA==
userAccountControl: 66048
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA193Ho+cULaC6bIqW6wMAAA==
sAMAccountName: user1
sAMAccountType: 805306368
userPrincipalName: user1@TESTRELM.TEST
objectCategory: CN=Person,CN=Schema,CN=Configuration,dc=testrelm,dc=test
mail: user1@testrelm.test
uidnumber: 970400003
gidnumber: 970400003
uid: user1
homeDirectory: /home/user1
memberof: cn=ipausers,cn=users,dc=testrelm,dc=test
nTSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO)
gcuuid: 4592c428-0dff-11eb-8275-d1d29acf4d90
2020-10-14T09:28:26Z    33823   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   New cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#167
2020-10-14T09:28:26Z    33823   MainThread  ipaserver.globalcatalog.gcsyncer    INFO    Initial LDAP dump is done, now synchronizing with GC

log 3:

2020-10-14T09:29:01Z    33836   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   get_saved_cookie
2020-10-14T09:29:01Z    33836   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Read cookie master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#167
2020-10-14T09:29:01Z    33836   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   New cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#167
2020-10-14T09:29:01Z    33836   MainThread  ipa-gcsyncd INFO    LDAP bind...
2020-10-14T09:29:01Z    33836   MainThread  ipa-gcsyncd INFO    Commencing sync process
2020-10-14T09:29:01Z    33836   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Current cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#167
2020-10-14T09:29:01Z    33836   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Detected modify of entry: uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test 4592c428-0dff-11eb-8275-d1d29acf4d90
2020-10-14T09:29:01Z    33836   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   user_sync uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:29:01Z    33836   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Syncing user in the Global Catalog (del+add)
2020-10-14T09:29:01Z    33836   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   user_del uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:29:01Z    33836   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Deleting user from the Global Catalog CN=First User,CN=Users,dc=testrelm,dc=test
2020-10-14T09:29:01Z    33836   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   user_add uid=user1,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-14T09:29:01Z    33836   MainThread  ipapython.ipaldap   DEBUG   retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-TESTRELM-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f5f2c237880>
2020-10-14T09:29:01Z    33836   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   Adding user to the Global Catalog 
dn: CN=First User,CN=Users,dc=testrelm,dc=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: ad-top
objectClass: ad-organizationalPerson
objectClass: user
objectClass: securityPrincipal
objectClass: posixAccount
objectClass: inetUser
objectClass: gcobject
cn: First User
sn: User
givenName: First
instanceType: 4
displayName: First User
name: First User
objectGUID:: UGjBkA3/EeuOtlJUAJrKUA==
userAccountControl: 66048
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA193Ho+cULaC6bIqW6wMAAA==
sAMAccountName: user1
sAMAccountType: 805306368
userPrincipalName: user1@TESTRELM.TEST
objectCategory: CN=Person,CN=Schema,CN=Configuration,dc=testrelm,dc=test
mail: user1@testrelm.test
uidnumber: 970400003
gidnumber: 970400003
uid: user1
homeDirectory: /home/user1
memberof: cn=ipausers,cn=users,dc=testrelm,dc=test
nTSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO)
gcuuid: 4592c428-0dff-11eb-8275-d1d29acf4d90
2020-10-14T09:29:01Z    33836   MainThread  ipaserver.globalcatalog.gcsyncer    DEBUG   New cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#167
2020-10-14T09:29:01Z    33836   MainThread  ipaserver.globalcatalog.gcsyncer    INFO    Initial LDAP dump is done, now synchronizing with GC
wladich commented 4 years ago

I have modified gcsyncer to log received attributes: line https://github.com/abbra/freeipa/blob/3c20e952a990b5aa83c927dbc261ba3017f3ebc4/ipaserver/globalcatalog/gcsyncer.py#L295 now reads:

logger.debug('Detected %s of entry: %s %s %s', change_type, dn, uuid, attributes)

and for the following steps 

# ipa user-add RestartChanges --first Restart --last Changes
# sleep 10
# systemctl restart ipa-gcsyncd.service

got following log:

2020-10-27T17:39:13Z    45802   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   Ignoring cookie value
2020-10-27T17:39:13Z    45802   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   Detected add of entry: uid=restartchanges,cn=users,cn=accounts,dc=testrelm,dc=test 4bff5201-187b-11eb-84be-f66b251f9b08 {'objectclass': [b'top', b'person', b'organizationalperson', b'inetorgperson', b'inetuser', b'posixaccount', b'krbprincipalaux', b'krbticketpolicyaux', b'ipaobject', b'ipasshuser', b'ipaSshGroupOfPubKeys', b'mepOriginEntry', b'ipantuserattrs'], 'cn': [b'Restart Changes'], 'displayname': [b'Restart Changes'], 'gidnumber': [b'651200044'], 'givenname': [b'Restart'], 'homedirectory': [b'/home/restartchanges'], 'ipantsecurityidentifier': [b'S-1-5-21-2664081731-2469522770-2147907431-1044'], 'ipauniqueid': [b'53ffe442-187b-11eb-8c31-525400168bca'], 'krbcanonicalname': [b'restartchanges@TESTRELM.TEST'], 'krbprincipalname': [b'restartchanges@TESTRELM.TEST'], 'mail': [b'restartchanges@testrelm.test'], 'memberof': [b'cn=ipausers,cn=groups,cn=accounts,dc=testrelm,dc=test'], 'sn': [b'Changes'], 'uid': [b'restartchanges'], 'uidnumber': [b'651200044']}
2020-10-27T17:39:13Z    45802   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   user_add uid=restartchanges,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-27T17:39:13Z    45802   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   Adding user to the Global Catalog 
dn: CN=Restart Changes,CN=Users,dc=testrelm,dc=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: ad-top
objectClass: ad-organizationalPerson
objectClass: user
objectClass: securityPrincipal
objectClass: posixAccount
objectClass: inetUser
objectClass: gcobject
cn: Restart Changes
sn: Changes
givenName: Restart
instanceType: 4
displayName: Restart Changes
name: Restart Changes
objectGUID:: U//kQhh7EeuMMVJUABaLyg==
userAccountControl: 66048
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAQ6nKnlLtMZNndwaAFAQAAA==
sAMAccountName: restartchanges
sAMAccountType: 805306368
userPrincipalName: restartchanges@TESTRELM.TEST
objectCategory: CN=Person,CN=Schema,CN=Configuration,dc=testrelm,dc=test
mail: restartchanges@testrelm.test
uidnumber: 651200044
gidnumber: 651200044
uid: restartchanges
homeDirectory: /home/restartchanges
memberof: cn=ipausers,cn=users,dc=testrelm,dc=test
nTSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO)
gcuuid: 4bff5201-187b-11eb-84be-f66b251f9b08
2020-10-27T17:39:13Z    45802   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   New cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#663
2020-10-27T17:39:24Z    45802   MainThread      ipa-gcsyncd     INFO    Signal 15 received: Shutting down!
2020-10-27T17:39:24Z    45802   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   save cookie
2020-10-27T17:39:24Z    45802   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   Current cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#663
2020-10-27T17:39:25Z    46080   MainThread      ipalib.plugable DEBUG   importing all plugin modules in ipaserver.plugins...
...
2020-10-27T17:39:25Z    46080   MainThread      ipalib.plugable DEBUG   importing plugin module ipaserver.plugins.xmlserver
2020-10-27T17:39:26Z    46080   MainThread      ipa-gcsyncd     DEBUG   LDAP URL: ldapi://%2Frun%2Fslapd-TESTRELM-TEST.socket/cn%3Daccounts%2Cdc%3Dtestrelm%2Cdc%3Dtest?objectclass,cn,displayname,gidnumber,givenname,homedirectory,ipaexternalmember,ipantsecurityidentifier,ipauniqueid,krbcanonicalname,krbprincipalname,mail,member,memberof,sn,uid,uidnumber?sub?%28%7C%28objectClass%3Dgroupofnames%29%28objectClass%3Dperson%29%29
2020-10-27T17:39:26Z    46080   MainThread      ipapython.ipaldap       DEBUG   retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-GLOBAL-CATALOG.socket conn=<ldap.ldapobject.ReconnectLDAPObject object at 0x7f812ac8e1f0>
2020-10-27T17:39:26Z    46080   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   get_saved_cookie
2020-10-27T17:39:26Z    46080   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   Read cookie master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#663
2020-10-27T17:39:26Z    46080   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   New cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#663
2020-10-27T17:39:26Z    46080   MainThread      ipa-gcsyncd     INFO    LDAP bind...
2020-10-27T17:39:26Z    46080   MainThread      ipa-gcsyncd     INFO    Commencing sync process
2020-10-27T17:39:26Z    46080   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   Current cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#663
2020-10-27T17:39:26Z    46080   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   Detected modify of entry: uid=restartchanges,cn=users,cn=accounts,dc=testrelm,dc=test 4bff5201-187b-11eb-84be-f66b251f9b08 {'ipantsecurityidentifier': [b'S-1-5-21-2664081731-2469522770-2147907431-1044'], 'memberof': [b'cn=ipausers,cn=groups,cn=accounts,dc=testrelm,dc=test'], 'mepmanagedentry': [b'cn=restartchanges,cn=groups,cn=accounts,dc=testrelm,dc=test'], 'givenname': [b'Restart'], 'sn': [b'Changes'], 'uid': [b'restartchanges'], 'cn': [b'Restart Changes'], 'displayname': [b'Restart Changes'], 'initials': [b'RC'], 'gecos': [b'Restart Changes'], 'krbprincipalname': [b'restartchanges@TESTRELM.TEST'], 'objectclass': [b'top', b'person', b'organizationalperson', b'inetorgperson', b'inetuser', b'posixaccount', b'krbprincipalaux', b'krbticketpolicyaux', b'ipaobject', b'ipasshuser', b'ipaSshGroupOfPubKeys', b'mepOriginEntry', b'ipantuserattrs'], 'loginshell': [b'/bin/sh'], 'homedirectory': [b'/home/restartchanges'], 'mail': [b'restartchanges@testrelm.test'], 'krbcanonicalname': [b'restartchanges@TESTRELM.TEST'], 'ipauniqueid': [b'53ffe442-187b-11eb-8c31-525400168bca'], 'uidnumber': [b'651200044'], 'gidnumber': [b'651200044']}
2020-10-27T17:39:26Z    46080   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   user_sync uid=restartchanges,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-27T17:39:26Z    46080   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   Syncing user in the Global Catalog (del+add)
2020-10-27T17:39:26Z    46080   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   user_del uid=restartchanges,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-27T17:39:26Z    46080   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   Deleting user from the Global Catalog CN=Restart Changes,CN=Users,dc=testrelm,dc=test
2020-10-27T17:39:26Z    46080   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   user_add uid=restartchanges,cn=users,cn=accounts,dc=testrelm,dc=test
2020-10-27T17:39:26Z    46080   MainThread      ipapython.ipaldap       DEBUG   retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-TESTRELM-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f812ac8e0a0>
2020-10-27T17:39:26Z    46080   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   Adding user to the Global Catalog 
dn: CN=Restart Changes,CN=Users,dc=testrelm,dc=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: ad-top
objectClass: ad-organizationalPerson
objectClass: user
objectClass: securityPrincipal
objectClass: posixAccount
objectClass: inetUser
objectClass: gcobject
cn: Restart Changes
sn: Changes
givenName: Restart
instanceType: 4
displayName: Restart Changes
name: Restart Changes
objectGUID:: U//kQhh7EeuMMVJUABaLyg==
userAccountControl: 66048
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAQ6nKnlLtMZNndwaAFAQAAA==
sAMAccountName: restartchanges
sAMAccountType: 805306368
userPrincipalName: restartchanges@TESTRELM.TEST
objectCategory: CN=Person,CN=Schema,CN=Configuration,dc=testrelm,dc=test
mail: restartchanges@testrelm.test
uidnumber: 651200044
gidnumber: 651200044
uid: restartchanges
homeDirectory: /home/restartchanges
memberof: cn=ipausers,cn=users,dc=testrelm,dc=test
nTSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO)
gcuuid: 4bff5201-187b-11eb-84be-f66b251f9b08
2020-10-27T17:39:26Z    46080   MainThread      ipaserver.globalcatalog.gcsyncer        DEBUG   New cookie is: master1.testrelm.test:389#cn=Directory Manager:cn=accounts,dc=testrelm,dc=test:(|(objectClass=groupofnames)(objectClass=person))#663
2020-10-27T17:39:26Z    46080   MainThread      ipaserver.globalcatalog.gcsyncer        INFO    Initial LDAP dump is done, now synchronizing with GC
tbordaz commented 4 years ago

When searching with a specific cookie it is possible that sync-repl resend the update that is identified in the cookie. If this is a problem, would you check with DS 1.4.4.6 because it is possilby fixed by https://github.com/389ds/389-ds-base/issues/4329.

wladich commented 4 years ago

The issue affects tests which verify that gcsyncd does not replay the changes when it starts up. Unfortunately I do not know how I could test 389-ds vesrion 1.4.4.6: even F33 has version 1.4.4.5. But for testing I am using F32 as copr repo maintained by @abbra provides packages only for that Fedora. This copr also has custom version of 389-ds-base. @abbra does it contain custom patches or can it be safely replaced with a recent version?

abbra commented 4 years ago

It can be replaced. I'll do that tomorrow

wladich commented 4 years ago

The test is passing with following version:

# dnf info 389-ds-base
Last metadata expiration check: 1:00:56 ago on Wed 02 Dec 2020 10:19:11 AM UTC.
Installed Packages
Name         : 389-ds-base
Version      : 1.4.4.8
Release      : 1.fc32
Architecture : x86_64
Size         : 5.8 M
Source       : 389-ds-base-1.4.4.8-1.fc32.src.rpm
Repository   : @System
From repo    : copr:copr.fedorainfracloud.org:abbra:gc-wip
Summary      : 389 Directory Server (base)
URL          : https://www.port389.org
License      : GPLv3+
Description  : 389 Directory Server is an LDAPv3 compliant server.  The base package includes
             : the LDAP server and command line utilities for server administration.