[Freeipa-users] adding replication agreements
Rob Crittenden
rcritten at redhat.com
Tue Nov 4 14:17:30 UTC 2014
Shashi Dahal wrote:
> Hi Rob,
>
> From server A and server B (itself), if I give that command, I get:
>
> last update status: -1 - LDAP error: Can't contact LDAP server

I'd start with checking basic connectivity to ensure that A/B can talk
to port 389 on C.

> From server C, I get:
> Cannot find cab0558.sdn1.ams1.spil in public server list

This suggests that even C doesn't think it is a master.

# ipa-replica-manage list

On C will show what it thinks is the list of available masters.

I'd also look at the replication agreements that C has:

# ldapsearch -x -D 'cn=directory manager' -W -b 'cn=mapping tree,cn=config'

rob

> Please let me know what steps to do next. I am completely lost.
>
>
> Thanks,
> Shashi
>
> ________________________________________
> From: Rob Crittenden [rcritten at redhat.com]
> Sent: Thursday, October 30, 2014 4:31 PM
> To: Shashi Dahal; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] adding replication agreements
>
> Shashi Dahal wrote:
>> Hi,
>>
>> I have ipa master server: A
>> and I have 2 ipa replicas: B and C
>>
>>
>> replica B crashed, so it was deleted from A and recreated using
>> ipa-replica-prepare to generate the file and set it up from there.
>>
>>
>> in server A B and C, if I do ipa-replica-manage list
>>
>> serverA lists A B and C as master
>> serverB lists A B and C as master
>> serverC lists only A and C as master .. B is missing.
>>
>> trying the command ipa-replica-manage connect B from serverC
>> gives: You cannot connect to a previously deleted master
>>
>>
>> now how do I add trust relationship between C and B ?
>
> I changed the subject as this isn't trust, it's replication. I don't
> want to be pedantic but there is a significant difference.
>
> What I'd do, on each master, is this:
>
> ipa-replica-manage list -v `hostname`
>
> I think you'll find that C isn't getting updates. The masters list is
> stored in LDAP so if C doesn't know that B exists it likely means that
> its data is stale.
>
> rob
>
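
Added example (not part of the original thread and not FreeIPA project code): a shell helper that reads the LDIF returned by the ldapsearch against 'cn=mapping tree,cn=config' and reports each replication agreement's last update status, flagging failures such as the "-1 - LDAP error" quoted above. The function names, the example.test hosts and the sample LDIF are constructed; it assumes the 389 Directory Server agreement attributes nsDS5ReplicaHost, nsDS5ReplicaPort and nsds5replicaLastUpdateStatus, and that a status code of 0 means success.

```shell
# Reads LDIF on stdin; prints "<host>:<port> OK|FAIL <last update status>"
# for every replication agreement entry (assumption: code 0 means success).
agreement_status() {
    awk '
    function emit(   code) {
        if (is_agmt && host != "") {
            code = "none"
            if (match(status, /-?[0-9]+/)) code = substr(status, RSTART, RLENGTH)
            printf "%s:%s %s %s\n", host, port, (code == "0" ? "OK" : "FAIL"), status
        }
        is_agmt = 0; host = ""; port = ""; status = ""
    }
    function field(   i, key, val) {
        i = index(line, ":")
        if (i > 0) {
            key = tolower(substr(line, 1, i - 1))
            val = substr(line, i + 1); sub(/^ +/, "", val)
            if (key == "objectclass" && tolower(val) == "nsds5replicationagreement") is_agmt = 1
            else if (key == "nsds5replicahost") host = val
            else if (key == "nsds5replicaport") port = val
            else if (key == "nsds5replicalastupdatestatus") status = val
        }
        line = ""
    }
    /^ / { line = line substr($0, 2); next }  # LDIF folded continuation line
    /^$/ { field(); emit(); next }            # blank line ends an entry
         { field(); line = $0 }               # start of a new attribute line
    END  { field(); emit() }
    '
}

# Constructed sample (hypothetical hosts), shaped like ldapsearch output.
sample_ldif() {
    cat <<'EOF'
dn: cn=meTob.example.test,cn=replica,cn=dc\3Dexample\2Cdc\3Dtest,cn=mapping tree,cn=config
objectClass: nsds5replicationagreement
nsDS5ReplicaHost: b.example.test
nsDS5ReplicaPort: 389
nsds5replicaLastUpdateStatus: -1 - LDAP error: Can't contact LDAP server

dn: cn=meToa.example.test,cn=replica,cn=dc\3Dexample\2Cdc\3Dtest,cn=mapping tree,cn=config
objectClass: nsds5replicationagreement
nsDS5ReplicaHost: a.example.test
nsDS5ReplicaPort: 389
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental up
 date succeeded
EOF
}
```

On a master, pipe the ldapsearch command shown above into agreement_status; a master that is missing from the output has no agreement on that server at all.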