[Freeipa-users] Badly corrupted IPA

Bret Wortman bret.wortman at damascusgrp.com
Thu Mar 27 14:19:55 UTC 2014


That worked like a champ. As always.

Thanks, Rob.


Bret

On 03/27/2014 10:08 AM, Rob Crittenden wrote:
> Bret Wortman wrote:
>> BTW, this also fails when using the web UI -- I can see the entry but
>> not delete it.
>
> It sounds like you have a replication conflict entry. Try this search:
>
> $ ldapsearch -Y GSSAPI -b cn=computers,cn=accounts,dc=example,dc=com fqdn=myhost.example.com
>
> You'll probably get something with a dn that includes a nsuniqueid in 
> it. That is the conflict entry. IPA can find the host because it 
> searches by fqdn too, but it deletes by generating the direct DN and 
> since it doesn't match, no delete.
>
> You can delete the wayward entry using ldapdelete.
>
> rob
>
>>
>> On 03/27/2014 09:02 AM, Bret Wortman wrote:
>>> My IPA corruption continues and I'm afraid I'm going to have to
>>> recreate it from scratch since no reasonable means of backup exists
>>> (which I understand -- that's not my complaint).
>>>
>>> Here's what I'm facing:
>>>
>>> # script -c 'ipa host-find mw79.damascusgrp.com'
>>> Script started, file is typescript
>>> --------------
>>> 1 host matched
>>> --------------
>>>   Host name: mw79.damascusgrp.com
>>>   Principal name: host/mw79.damascusgrp.com@DAMASCUSGRP.COM
>>>   Password: False
>>>   Member of host-groups: allow_all_hosts
>>>   Indirect Member of HBAC rule: allow_all_users_services
>>>   Keytab: False
>>>   SSH public key fingerprint: [snip] (ssh-dss)
>>>
>>> ----------------------------
>>> Number of entries returned 1
>>> ----------------------------
>>> Script done, file is typescript
>>> # script -c 'ipa host-del mw79.damascusgrp.com'
>>> Script started, file is typescript
>>> ipa: ERROR: mw79.damascusgrp.com: host not found
>>> Script done, file is typescript
>>> #
>>>
>>> I had unenrolled this host and was attempting to re-enroll it, and
>>> this is preventing its re-enrollment. Any ideas of how to force
>>> deletion of this host entry? I'm not LDAP savvy enough to just go in
>>> and start whacking LDAP entries myself, and given that my IPA database
>>> has gotten corrupted enough that no IPA CLI command can run without
>>> being wrapped in "script" or "strace" or similar, I'm hesitant to go
>>> too far. This machine, however, is my program manager's workstation,
>>> so it's pretty important to get back up and running.
>>>
>>> Thanks,
>>>
>>>
>>> -- 
>>> *Bret Wortman*
>>>
>>> http://damascusgrp.com/
>>> http://about.me/wortmanbret
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>
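
Rob's diagnosis above, as an added example that is not part of the original thread: a shell filter that unfolds ldapsearch LDIF output and prints only the DNs whose leading RDN contains nsuniqueid, next to the direct DN that a delete by host name targets. The function names, the sample LDIF and its nsuniqueid value are constructed for illustration; the cn=computers,cn=accounts base is the one used in the search in the thread.

```shell
#!/bin/sh
# Added example. The LDIF and its nsuniqueid value are constructed.

# Direct DN a delete by host name targets: $1 = FQDN, $2 = suffix.
direct_host_dn() {
    printf 'fqdn=%s,cn=computers,cn=accounts,%s\n' "$1" "$2"
}

# Read LDIF on stdin and print each DN whose first RDN has an nsuniqueid
# component. ldapsearch folds long lines (a continuation starts with one
# space), and conflict DNs are long, so unfold before matching.
conflict_dns() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | awk '
        /^dn: / {
            dn = substr($0, 5)
            rdn = dn
            sub(/,.*/, "", rdn)
            if (tolower(rdn) ~ /(^|[+])nsuniqueid=/) print dn
        }
    '
}

# Constructed search result: one conflict entry (folded) and one normal entry.
sample_ldif() {
    cat <<'EOF'
dn: nsuniqueid=aaaaaaaa-bbbbbbbb-cccccccc-dddddddd+fqdn=myhost.example.com,cn=c
 omputers,cn=accounts,dc=example,dc=com
fqdn: myhost.example.com

dn: fqdn=other.example.com,cn=computers,cn=accounts,dc=example,dc=com
fqdn: other.example.com
EOF
}

# Against a live server the input would be the search from the thread:
#   ldapsearch -Y GSSAPI -b cn=computers,cn=accounts,dc=example,dc=com \
#       fqdn=myhost.example.com | conflict_dns
echo "direct DN:   $(direct_host_dn myhost.example.com dc=example,dc=com)"
echo "conflict DN: $(sample_ldif | conflict_dns)"
```

The DN it prints is the value to hand to ldapdelete, as the reply suggests.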

