
LDAP Time Sync Error when creating user


Hi, we have a web service for eDirectory 8.8 SP5 that creates a few
users and does a couple other services. When the web service is
configured to connect to 1 of the 2 eDirectory servers (1 is a master,
and the other is read/write replica) then everything works just fine
(both servers work just fine as long as you connect to only one of
them). However, we tried to add redundancy by putting a load balancer
in front of the 2 eDir servers. When we use the VIP to make the LDAP
connection, we keep on getting this error when we try to create a user:

Caused by: LDAPException: Other (80) Other
LDAPException: Server Message: NDS error: time not synchronized (-659)
LDAPException: Matched DN:
at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source)
at com.novell.ldap.LDAPConnection.modify(Unknown Source)
at com.novell.ldap.LDAPConnection.modify(Unknown Source)


I've run ndsrepair -T and the time looks like it is synched and both
servers are running NTP. Do you know what could be causing this
problem? Also, it isn't the LB connection itself b/c everything works
fine if we disable one of the servers in the LB and still use the VIP
just to connect to just 1 server.

Thanks


--
Kalin35

Re: LDAP Time Sync Error when creating user

Can you tell us more about the changes taking place? For example, I
believe this can happen if you modify objectA on replica0 and then modify
objectA in another way on replica1. Timestamps on objects are made up of
the seconds since 1970 followed by a replica number (each replica's is
unique) and then an event number. As a result perhaps eDir feels time is
out of sync when it makes a change on a box and then the other replica
synchronizes in changes it received just a second earlier from your
application. It may be tricky to isolate if this is the case but it
should be possible with a bit of analysis. In the meantime you may want
to ensure your application (or your VIP) batches changes to one box and
then to the other as much as possible. The benefit of multi-master
replication (which eDirectory does by default) is you can write changes to
multiple boxes simultaneously, but the challenge is the same and requires
a way to resolve differences using transitive vectors which are made up of
those timestamps.

Good luck.





On 09/21/2010 04:06 PM, Kalin35 wrote:
>
> Hi, we have a web service for eDirectory 8.8 SP5 that creates a few
> users and does a couple other services. When the web service is
> configured to connect to 1 of the 2 eDirectory servers (1 is a master,
> and the other is read/write replica) then everything works just fine
> (both servers work just fine as long as you connect to only one of
> them). However, we tried to add redundancy by putting a load balancer
> in front of the 2 eDir servers. When we use the VIP to make the LDAP
> connection, we keep on getting this error when we try to create a user:
>
> Caused by: LDAPException: Other (80) Other
> LDAPException: Server Message: NDS error: time not synchronized (-659)
> LDAPException: Matched DN:
> at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
> at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
> at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source)
> at com.novell.ldap.LDAPConnection.modify(Unknown Source)
> at com.novell.ldap.LDAPConnection.modify(Unknown Source)
>
>
> I've run ndsrepair -T and the time looks like it is synched and both
> servers are running NTP. Do you know what could be causing this
> problem? Also, it isn't the LB connection itself b/c everything works
> fine if we disable one of the servers in the LB and still use the VIP
> just to connect to just 1 server.
>
> Thanks
>
>

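One way to follow the reply's advice of sending related changes to one box, as an added example that is not from the thread or from Novell: instead of balancing each request across the VIP, give JLDAP both replicas as a space-separated failover list so the create and the follow-up modify share one connection to one server. The host names, DNs, the `LDAP_BIND_PW` environment variable and the use of LDAPS on port 636 are assumptions for illustration.

```java
import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;
import com.novell.ldap.LDAPModification;
import java.nio.charset.StandardCharsets;

public class PinnedUserCreate {
    // Hypothetical values: substitute your own replicas, admin DN and container.
    static final String HOSTS = "edir1.example.com edir2.example.com";
    static final String BIND_DN = "cn=admin,o=example";
    static final String CONTAINER = "ou=users,o=example";

    public static void main(String[] args) throws LDAPException {
        String pw = System.getenv("LDAP_BIND_PW"); // assumed secret source
        if (args.length != 1 || pw == null) {
            System.err.println("usage: LDAP_BIND_PW=... PinnedUserCreate <cn>");
            System.exit(2);
        }
        String cn = args[0];
        String userDn = "cn=" + cn + "," + CONTAINER;

        // LDAPS keeps the simple bind password off the wire in clear text.
        LDAPConnection conn = new LDAPConnection(new LDAPJSSESecureSocketFactory());
        try {
            // JLDAP tries the listed hosts in order and stays on the first
            // one that answers: failover without per-request balancing.
            conn.connect(HOSTS, LDAPConnection.DEFAULT_SSL_PORT);
            conn.bind(LDAPConnection.LDAP_V3, BIND_DN,
                      pw.getBytes(StandardCharsets.UTF_8));
            System.out.println("All writes go to " + conn.getHost());

            LDAPAttributeSet attrs = new LDAPAttributeSet();
            attrs.add(new LDAPAttribute("objectClass", "inetOrgPerson"));
            attrs.add(new LDAPAttribute("cn", cn));
            attrs.add(new LDAPAttribute("sn", cn));
            conn.add(new LDAPEntry(userDn, attrs));

            // The follow-up modify reuses the same connection, so it lands on
            // the replica that already holds the new object and its timestamps.
            conn.modify(userDn, new LDAPModification(LDAPModification.REPLACE,
                    new LDAPAttribute("description", "created by web service")));
        } finally {
            if (conn.isConnected()) conn.disconnect();
        }
    }
}
```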