[Freeipa-users] Deleting a down ipa master?

Rob Crittenden rcritten at redhat.com
Thu May 2 20:36:07 UTC 2013


Nathan wrote:
> On 05/02/2013 02:48 PM, Rob Crittenden wrote:
>> Nathan wrote:
>>> On 05/02/2013 01:56 PM, Rob Crittenden wrote:
>>>> $ ldapsearch -LLL -x -b cn=oldmaster.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com dn
>>>>
>>>> Then carefully paste each dn, minus the dn:, in REVERSE order,
>>>> to:
>>>>
>>>> $ ldapdelete -x -D 'cn=Directory Manager' -w cn=HTTP...
>>>> cn=ldap...
>>>>
>>>> ^D to exit
>>>
>>> My ipa domain is "systems.lafayette.edu", so I had to work that
>>> into your search string, but I think I have it.
>>>
>>> So, here's some output.
>>>
>>> [root@caroline0 PROD ~]# ldapsearch -LLL -x -b cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu dn
>>> dn: cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu
>>>
>>> So, from your ldapdelete example, would I.....
>>>
>>> $ ldapdelete -x -D 'cn=Directory Manager' -w
>>> cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu
>>>
>>> ^D
>>
>> Yup, use -W to prompt, or -w <password> to pass on cli.
>>
>> Note that this confirms that IPA doesn't think this server is
>> actually providing any services.
>>
>> rob
>>
>
> This seems to have done the trick!
>
> [root@caroline0 PROD ~]# ldapdelete -x -D 'cn=Directory Manager' -W cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu
> Enter LDAP Password:
> [root@caroline0 PROD ~]# ldapsearch -LLL -x -b cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu dn
> No such object (32)
> Matched DN: cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu
> [root@caroline0 PROD ~]# ls
> anaconda-ks.cfg  ca-agent.p12  cacert.p12  cobbler.ks  install.log
> install.log.syslog  ks-rhn-post.log  RPM-GPG-KEY-lafayette
> [root@caroline0 PROD ~]# ipa-replica-manage list
> caroline0.lafayette.edu: master
> caroline2.lafayette.edu: master
>

Great, glad it worked.

rob
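
Added example, not part of the original thread: a shell helper that takes `ldapsearch -LLL ... dn` output, unfolds wrapped LDIF lines (the wrapped `dn:` seen in the quoted output above) and prints the DNs children-first, which is the "REVERSE order" the procedure asks for. The function names and the `cn=svc-a`/`cn=svc-b` entries are constructed stand-ins, not real FreeIPA entries.

```shell
#!/bin/sh
# Added example: order DNs from `ldapsearch -LLL ... dn` so that every child
# entry comes before its parent, as needed when deleting a subtree by hand.

# Constructed sample LDIF. The second dn is folded the way ldapsearch folds
# long lines: the continuation line starts with a single space.
sample_ldif() {
    cat <<'EOF'
dn: cn=oldmaster.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com

dn: cn=svc-a,cn=oldmaster.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=
 com

dn: cn=svc-b,cn=oldmaster.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com

EOF
}

# Reads LDIF on stdin, prints one DN per line, children first.
# A child DN is its parent's DN plus a leading RDN, so it is always longer;
# sorting by length (longest first) therefore never puts a parent first.
dns_children_first() {
    _rows=$(awk '
        function emit() {
            if (cur ~ /^dn:: /) {          # base64-encoded DN: refuse, do not guess
                print "base64 dn, decode first: " cur > "/dev/stderr"; bad = 1
            } else if (cur ~ /^dn: /) {
                dn = substr(cur, 5); print length(dn) "\t" dn
            }
            cur = ""
        }
        /^ / { cur = cur substr($0, 2); next }   # unfold continuation line
        { emit(); cur = $0 }
        END { emit(); exit bad + 0 }
    ') || return 1
    [ -n "$_rows" ] || return 0
    printf '%s\n' "$_rows" | sort -t "$(printf '\t')" -k1,1nr | cut -f2-
}

# Review the list before deleting anything. ldapdelete reads DNs from stdin
# when none are given on the command line, e.g.:
#   ldapsearch -LLL -x -b "$BASE" dn | dns_children_first > dns.txt
#   ldapdelete -x -D 'cn=Directory Manager' -W -f dns.txt
sample_ldif | dns_children_first
```
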



