[389-users] How to restore replica admin in the master

[John A. Sullivan III]

On Thu, 2009-09-03 at 13:50 -0400, Mister Anonyme wrote:
> Hi,
> 
> I have two masters (in multi-master mode, they replicate each other)
> and 6 slaves.
> 
> I added a new schema file in /etc/dirsrv/slapd-XXX/schema and I
> restarted all dirsrv.  I learned later that I had to stop the
> replication before adding a new schema file.  Because of that, the
> netscaperoot seems to be corrupted because I wasn't able to do
> replication between two masters.
> 
> So, I had to completely re-install two masters and re-import the
> database but is there a way to re-configure the admin part of each
> replica (slave) servers ?  I could completely re-install slaves too
> but if I can reconfigure the admin so I can see all replicas in the
> Redhat Management Console, it would be nice.
> 
<snip>
Ouch! I think I understand.  Unfortunately, I'm on the run and can't
explore it in detail but here is an excerpt from our internal
documentation on restoring the admin relationship between slave and
master and losing and then restoring the master from the slave database:

Once the data is restored, we need to tell LDAP1 that it is the
configuration master and that LDAP2 uses it.
On LDAP1 run "register-ds-admin.pl"
Then, on LDAP2 run "setup-ds-admin.pl -u" but, for some reason, it
insists on installing the CA cert and, since it already exists in the
database, it errors.  So we first remove the existing CA cert:
cd /etc/dirsrv/admin-serv
certutil -D -d . -n "CA certificate"
then run setup-ds-admin.pl -u and take defaults except we must enter the
path the to CA cert (/etc/dirsrv/admin-serv/MyCA.pem).

Hope this helps.  I think the original threads where Rich Megginson
helped us through this scenario are still in the archive.  Good luck -
John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society