<html><head>
<meta content="text/html; charset=windows-1252" 
http-equiv="Content-Type">
</head><body style="font-family: tt; font-size: 11pt;" bgcolor="#FFFFFF"
 text="#000000"><div style="font-size: 11pt;font-family: tt;"><span 
style="font-weight: bold;"></span><blockquote 
class="__pbForwardBlockQuote" style="border: 0px none; font-weight: 
bold;" cite="mid:572CF03B.6000909@linuxguru.co" type="cite"><div 
class="__pbConvBody" __pbrmquotes="false" 
style="color:#888888;margin-left:24px;margin-right:24px;">I am running 
the latest FreeIPA on CentOS 7.2.
<br>
<br>I noticed I had a “nsds5ReplConflict” with an item. I tried to 
follow 
the webpage to rename and delete, but that failed. I then tried to have 
ipa1-i2x reload from the ipa01-aws instance, and now it seems to have gone 
maybe worse?
<br>Can you please advise how to get back to a healthy system? I 
initially 
added a system account as recommended so I could have, say, 
Jira/Confluence do user searches against IDM.
<br>
<br>[dacosta@ipa1-i2x ~]$ ldapsearch -x -D "cn=directory manager" -w 
'password' -b "dc=rsinc,dc=local" "nsds5ReplConflict=*" \* 
nsds5ReplConflict
<br># extended LDIF
<br>#
<br># LDAPv3
<br># base <dc=rsinc,dc=local> with scope subtree
<br># filter: nsds5ReplConflict=*
<br># requesting: * nsds5ReplConflict
<br>#
<br>
<br># 7ad08581-059911e6-b55c83a4-93228cdf + ldapsearch, sysaccounts, 
etc, 
rsinc.loc
<br>al
<br>dn: 
nsuniqueid=7ad08581-059911e6-b55c83a4-93228cdf+uid=ldapsearch,cn=sysaccoun
<br>ts,cn=etc,dc=rsinc,dc=local
<br>userPassword:: e1NTSEF9M3krdTh5TkdYV=
<br>=
<br>uid: ldapsearch
<br>objectClass: account
<br>objectClass: simplesecurityobject
<br>objectClass: top
<br>nsds5ReplConflict: namingConflict 
uid=ldapsearch,cn=sysaccounts,cn=etc,dc=rsin
<br>c,dc=local
<br>
<br># search result
<br>search: 2
<br>result: 0 Success
<br>
<br># numResponses: 2
<br># numEntries: 1
<br>
<br>[dacosta@ipa1-i2x ~]$ ./ipa_check_consistency -H "ipa1-i2x.local 
ipa01-aws.rsinc.local" -d RSINC.LOCAL
<br>Directory Manager password:
<br>FreeIPA servers: ipa1-i2x ipa01-aws STATE
<br>===================================================
<br>Active Users ERROR 33 FAIL
<br>Stage Users ERROR 0 FAIL
<br>Preserved Users ERROR 0 FAIL
<br>User Groups ERROR 7 FAIL
<br>Hosts ERROR 82 FAIL
<br>Host Groups ERROR 1 FAIL
<br>HBAC Rules ERROR 2 FAIL
<br>SUDO Rules ERROR 4 FAIL
<br>DNS Zones ERROR 14 FAIL
<br>LDAP Conflicts ERROR YES FAIL
<br>Anonymous BIND ERROR on FAIL
<br>Replication Status ipa02-aws 0
<br>ipa1-i2x 0
<br>===================================================
<br>
<br>
<br>[dacosta@ipa1-i2x ~]$ ipa-replica-manage list
<br>ipa: WARNING: session memcached servers not running
<br>ipa02-aws.rsinc.local: master
<br>ipa01-aws.rsinc.local: master
<br>ipa1-i2x.rsinc.local: master
<br>
<br>
<br>Devin Acosta
<br>Linux Certified Engineer
<br>e: <a class="moz-txt-link-abbreviated" href="mailto:devin@linuxguru.co">devin@linuxguru.co</a>
<br>
<br>

</div></blockquote><br style="font-weight: bold;"></div></body></html>