Replication fails with the error "Consumer failed to replay change (uniqueid xx, CSN xx): Server is unwilling to perform (53). Will retry later "
Issue
LDAP replication started to fail with several error messages after a configuration change to try enable fine-grained password policy.
What are the recommended best practice to configure Red Hat Directory Server password policies?
The events in /var/log/dirsrv/slapd-example/errors were:
[04/Mar/2012:13:27:18 -0500] NSMMReplicationPlugin - agmt="cn=test-replication" (ldap56:389): Consumer failed to replay change (uniqueid b0461981-662611e1-bd268601-f3e9af2f, CSN 4f53b400000000010000): DSA is unwilling to perform. Will retry later.
And with fractional replication to exclude several account policy attributes:
[04/Mar/2012:13:33:05 -0500] NSMMReplicationPlugin - agmt="cn=test-replication" (ldap56:389): Failed to send modify operation: LDAP error 89 (Bad parameter to an ldap routine)
[04/Mar/2012:13:33:05 -0500] NSMMReplicationPlugin - agmt="cn=test-replication" (ldap56:389): Failed to send update operation to consumer (uniqueid b0461981-662611e1-bd268601-f3e9af2f, CSN 4f53b400000000010000): Timed out. Will retry later.
[04/Mar/2012:13:33:11 -0500] NSMMReplicationPlugin - agmt="cn=test-replication" (ldap56:389): Failed to send modify operation: LDAP error 89 (Bad parameter to an ldap routine)
And a replica access logs shows the error 53 / "unwilling to perform" during the replication process:
conn=4670 op=13453 RESULT err=53 tag=103 nentries=0 etime=0
Environment
- Red Hat Directory Server (All versions)
- Red Hat Enterprise Linux 7,8,9
- Multi Master Replication
- Single Master Replication
- Account Policies are configured to lock users on un-succesfull logins.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
