[Freeipa-users] Dogtag reinitialization

Lucas Yamanishi lyamanishi at sesda2.com
Wed Aug 8 22:10:42 UTC 2012


I wouldn't even know what to look for.
/var/lib/dirsrv/slapd-PKI-IPA/error is like a debug log.  All I can tell
you is that I ran "ipa-csreplica-manage re-initialize --from master" on
my replica, then on my "master" a few minutes later.


-----
*question everything*learn something*answer nothing*
------------
Lucas Yamanishi
------------------
Systems Administrator, ADNET Systems, Inc.
NASA Space and Earth Science Data Analysis (606.9)
7515 Mission Drive, Suite A100
Lanham, MD 20706 * 301-352-4646 * 0xE23F3D7A

On 08/08/2012 05:36 PM, Rob Crittenden wrote:
> Lucas Yamanishi wrote:
>> Is there any way to completely reinitialize the Dogtag instance
>> atomically?
>>
>> My PKI-IPA directory looks like this:
>>
>>> ldapsearch -x -h localhost -p 7389 -D "cn=directory manager" -W -b
>>> 'o=ipaca' 'objectClass=*'
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <o=ipaca> with scope subtree
>>> # filter: objectClass=*
>>> # requesting: ALL
>>> #
>>>
>>> # ipaca
>>> dn: o=ipaca
>>> objectClass: top
>>> objectClass: organization
>>> o: ipaca
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 2
>>> # numEntries: 1
>>
>> It's like that on both my master and replica, and my backups don't go
>> back far enough.  I think something happened during replica management,
>> but I'm not sure.  I haven't used the full range of PKI features up to
>> this point, so this isn't a huge issue for me just yet.  In any case, I
>> imagine it will become a big deal at some point, if not for my usage,
>> for management of the IPA instance as a whole.
>>
>> So, how can I fix this?  I do have the private key, if that's any use.
> 
> I'm not sure what would cause every single entry to be removed. Do the
> logs shed any light on this?
> 
> rob
> 
> 
> 



