[Freeipa-users] Dogtag reinitialization

Rob Crittenden rcritten at redhat.com
Wed Aug 8 21:36:13 UTC 2012


Lucas Yamanishi wrote:
> Is there any way to completely reinitialize the Dogtag instance atomically?
>
> My PKI-IPA directory looks like this:
>
>> ldapsearch -x -h localhost -p 7389 -D "cn=directory manager" -W -b 'o=ipaca' 'objectClass=*'
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <o=ipaca> with scope subtree
>> # filter: objectClass=*
>> # requesting: ALL
>> #
>>
>> # ipaca
>> dn: o=ipaca
>> objectClass: top
>> objectClass: organization
>> o: ipaca
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>
> It's like that on both my master and replica, and my backups don't go
> back far enough.  I think something happened during replica management,
> but I'm not sure.  I haven't used the full range of PKI features up to
> this point, so this isn't a huge issue for me just yet.  In any case, I
> imagine it will become a big deal at some point, if not for my usage,
> for management of the IPA instance as a whole.
>
> So, how can I fix this?  I do have the private key, if that's any use.

I'm not sure what would cause every single entry to be removed. Do the 
logs shed any light on this?

rob





