[Freeipa-users] Cleaning a host that is both present & not found

Rob Crittenden rcritten at redhat.com
Thu Oct 11 20:31:03 UTC 2012


Steven Jones wrote:
> Hi,
>
> Looks like I have this at present as well.
>
> The advice off RH support is to run an ldapdelete but I'm waiting on the complete syntax off them and why it's happened.
>
> Meantime I have 2 machines in this state, no one can login.
>
> :/
>
> So what they have said is,
>
> ==========
> Hello Steven, I am still going through all the data available in this case, but it looks like you should be able to fix this problem by deleting the following two entries using ldapdelete:
>
> dn: nsuniqueid=fdda5001-0cf511e2-8bfdc792-b25c661e,cn=computers,cn=accounts,dc=ods,dc=vuw,dc=ac,dc=nz
> dn: idnsName=vuwunicosldedt2,idnsname=ods.vuw.ac.nz,cn=dns,dc=ods,dc=vuw,dc=ac,dc=nz
> =========
>
> Case number is 00716456, if you have RH support maybe link it? So if it's a clear bug it gets addressed.

The second entry he suggests deleting is your DNS entry, that does not 
need to be touched.

This looks like a replication conflict. The same host must have been 
created on two separate masters while replication was down. This will 
result in the nsuniqueid entry. You need to manually resolve the 
differences between the two but as of yet IPA doesn't provide any tools 
to help manage this process.

Basically you'll want to merge any values from the entry whose dn is 
nsuniqueid=...,cn=computers to the equivalent fqdn=...,cn=computers 
entry. This is if you want to preserve any existing keytabs, 
certificates, etc. It may be fine to just remove both entries and start 
over. Note that you need to be careful not to orphan any service entries 
that may be associated with the host.

You'll want to base your searches on 
cn=computers,cn=accounts,dc=ods,dc=vuw,dc=ac,dc=nz to get only the 
matching host(s).

The delete is failing because we expect only one host to be found but 
two are, so we throw our hands up. A better error message would make this 
clearer. If you look in the Apache error log you may see it returns 
SingleMatchExpected.

rob
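
The comparison behind the merge step described above, as an added example that is not part of Rob's message or of IPA: a Python script that reads `ldapsearch` LDIF output taken from the cn=computers base and lists the values the nsuniqueid= conflict entry holds that the normal fqdn= entry lacks. The sample LDIF, host name and ids are constructed placeholders, and skipping `nsds5ReplConflict` as the directory server's conflict marker is an assumption about the 389 DS backend.

```python
# Added example; SAMPLE_LDIF is constructed, with placeholder names and ids.
SAMPLE_LDIF = """\
dn: fqdn=host1.example.test,cn=computers,cn=accounts,dc=example,dc=test
fqdn: host1.example.test
krbPrincipalName: host/host1.example.test@EXAMPLE.TEST

dn: nsuniqueid=00000000-00000000-00000000-00000000,cn=computers,cn=accounts,dc=
 example,dc=test
fqdn: host1.example.test
krbPrincipalName: host/host1.example.test@EXAMPLE.TEST
userCertificate:: Q09OU1RSVUNURUQ=
nsds5ReplConflict: namingConflict fqdn=host1.example.test,cn=computers,cn=accounts,dc=example,dc=test
"""
SKIP = {"nsds5replconflict", "nsuniqueid"}  # conflict bookkeeping (assumed), not host data

def parse_ldif(text):
    """Return {dn: {attr: set(values)}}; attribute names are lower-cased."""
    entries = {}
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold wrapped lines
        dn, attrs = None, {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                name, _, value = line.partition(":")
                b64 = value.startswith(":")  # "attr:: ..." marks a base64 value
                value = ("base64:" if b64 else "") + value.lstrip(":").strip()
                if name.lower() == "dn":
                    dn = value
                else:
                    attrs.setdefault(name.lower(), set()).add(value)
        if dn:  # ldapsearch trailer blocks ("search:", "result:") have no dn
            entries[dn] = attrs
    return entries

def is_conflict(dn):
    return "nsuniqueid=" in dn.split(",", 1)[0].lower()

def values_to_merge(entries):
    """Map each conflict DN to (normal DN, {attr: values the normal entry lacks})."""
    plan = {}
    for dn in filter(is_conflict, entries):
        attrs = entries[dn]
        fqdn = next(iter(attrs.get("fqdn", ())), None)
        twin = next((d for d, a in entries.items()
                     if not is_conflict(d) and fqdn in a.get("fqdn", ())), None)
        have = entries.get(twin, {})  # twin is None when no normal entry exists
        missing = {k: sorted(v - have.get(k, set()))
                   for k, v in attrs.items() if k not in SKIP and v - have.get(k, set())}
        plan[dn] = (twin, missing)
    return plan
```

The result is a list to review before changing either entry; the script does not modify the directory.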