[Freeipa-users] FreeIPA web UI Freezing up
Rich Megginson
rmeggins at redhat.com
Mon Jun 8 19:29:15 UTC 2015
On 06/08/2015 01:19 PM, nathan at nathanpeters.com wrote:
>>> ==============
>>> um WTF? making it a one way only agreement invalidates the
>>> lastinitstart
>>> value?
>>> ==============
>> Looks like a bug.
> Ok, this is a pretty serious bug if making it one way can knock it offline
> permanently. Where should I file this bug report?
https://fedorahosted.org/freeipa/newticket
>
>> ipa-replica-manage re-initialize?
>>
>>
>>
> That seemed to work. I would have tried that already but the command does
> not indicate that is a valid option. Running ipa-replica-manage --help
> does not even list re-initialize as a valid option. See output below.
That looks like a bug too. However, the man page gives much more
information, including the re-initialize command.
>
> [root at dc1 slapd-IPADOMAIN-NET]# ipa-replica-manage re-initialize
> Directory Manager password:
>
> re-initialize requires the option --from <host name>
> [root at dc1 slapd-IPADOMAIN-NET]# ipa-replica-manage --help
> Usage: ipa-replica-manage [options]
>
> Options:
> --version show program's version number and exit
> -h, --help show this help message and exit
> -H HOST, --host=HOST starting host
> -p DIRMAN_PASSWD, --password=DIRMAN_PASSWD
> Directory Manager password
> -v, --verbose provide additional information
> -f, --force ignore some types of errors
> -c, --cleanup DANGER: clean up references to a ghost master
> --binddn=BINDDN Bind DN to use with remote server
> --bindpw=BINDPW Password for Bind DN to use with remote server
> --winsync This is a Windows Sync Agreement
> --cacert=CACERT Full path and filename of CA certificate to use with
> TLS/SSL to the remote server
> --win-subtree=WIN_SUBTREE
> DN of Windows subtree containing the users you
> want to
> sync (default cn=Users,<domain suffix)
> --passsync=PASSSYNC Password for the IPA system user used by the Windows
> PassSync plugin to synchronize passwords
> --from=FROMHOST Host to get data from
> --no-lookup do not perform DNS lookup checks
> [root at dc1 slapd-IPADOMAIN-NET]# ipa-replica-manage re-initialize
> --from=officedc2.office.addomain.net
> Directory Manager password:
>
> Update in progress, 30 seconds elapsed
> Update succeeded
>
> [root at dc1 slapd-IPADOMAIN-NET]# ldapsearch -xLLL -D "cn=directory manager"
> -W -b cn=config objectclass=nsDSWindowsReplicationAgreement
> Enter LDAP Password:
> dn: cn=meToofficedc2.office.addomain.net,cn=replica,cn=dc\3Dipadomain
> \2Cdc\3Dnet,cn=mapping tree,cn=config
> nsds7WindowsReplicaSubtree: OU=Staff,DC=office,DC=addomain,DC=net
> nsds7DirectoryReplicaSubtree: cn=users,cn=accounts,dc=ipadomain,dc=net
> cn: meToofficedc2.office.addomain.net
> nsds7NewWinGroupSyncEnabled: false
> objectClass: nsDSWindowsReplicationAgreement
> objectClass: top
> nsDS5ReplicaTransportInfo: TLS
> description: me to officedc2.office.addomain.net
> nsDS5ReplicaRoot: dc=ipadomain,dc=net
> nsDS5ReplicaHost: officedc2.office.addomain.net
> nsds5replicaTimeout: 120
> nsDS5ReplicaBindDN: cn=freeipa syncuser,ou=Service
> Account,dc=office,dc=addomain,dc=net
> nsds7NewWinUserSyncEnabled: true
> nsDS5ReplicaPort: 389
> nsds7WindowsDomain: ipadomain.net
> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof
> idnssoaserial
> entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
> nsDS5ReplicaBindMethod: simple
> nsDS5ReplicaCredentials:
> {AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRVVHQ1NxR1NJYjNEUUVG
> RERBNEJDUmtOelUzTTJJNVlpMDBaV1EyTTJRMQ0KWXkwNU0yTm1aV05sTVMxbU5qRXpaak5oTlFBQ
> 0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQ2k0N0NxRGZFd2JIdm
> I0MFVFZVI3MA==}gWI9NIB8lbt9tmNszzbBFCAe4Vs/e0sMyn5+NZPJg9E=
> nsds7DirsyncCookie::
> TVNEUwMAAAD1pLkYH6LQAQAAAAAAAAAAYAEAAO1GoQAAAAAAAAAAAAAAA
> ADtRqEAAAAAAMUjuImqVZhBkOkdt24C0IsBAAAAAAAAAA4AAAAAAAAAY4GwFkVcvEmMMExrVon4d6
> 13PwAAAAAADGzFNzznrESIxHzA74fbs4W3MAAAAAAAOnFoO5OE2E27lR/g4EcjQTLbIwAAAAAAuEm
> PWjYok0qGS0HM/+TDmK7FgAMAAAAA6PTFXvAdnkaJSIkZT1lS+xRDIgAAAAAA4qTQaC46/Ua4KXgP
> /ixNcbjpVAAAAAAAWowbgYD1akibZ+sCul5C4eNmLQAAAAAAxSO4iapVmEGQ6R23bgLQi+9GoQAAA
> AAAogC6jFcyFUmhBp4B7FkaBbAvnQEAAAAAyhKMxsP0uUKGEnG2lsyA8eTUwgYAAAAA4n8Xx1bAlU
> mBUl3zhlZ9WBngDAAAAAAA71vM2ebFEkCJkBaLjB4CGU+4CQMAAAAAGfO+4ndZCkaVKnwZNlNsf90
> NDAAAAAAAgD6n+M2bcUGkOwo5gPLx7IOjAwAAAAAA
> nsds50ruv: {replicageneration} 553fe9bb000000040000
> nsds50ruv: {replica 4 ldap://dc1.ipadomain.net:389} 553fe9c9
> 000000040000 5575e79e000000040000
> nsds50ruv: {replica 3 ldap://dc2.ipadomain.net:389} 553fe9c
> 4000000030000 557244db001700030000
> nsruvReplicaLastModified: {replica 4 ldap://dc1.ipadomain.ne
> t:389} 5575e704
> nsruvReplicaLastModified: {replica 3 ldap://dc2.ipadomain.n
> et:389} 00000000
> oneWaySync: fromWindows
> nsds5ReplicaEnabled: on
> nsds5replicareapactive: 0
> nsds5replicaLastUpdateStart: 20150608191201Z
> nsds5replicaLastUpdateEnd: 20150608191201Z
> nsds5replicaChangesSentSinceStartup:: NDo0My8wIA==
> nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental
> upd
> ate succeeded
> nsds5replicaUpdateInProgress: FALSE
> nsds5replicaLastInitStart: 20150608191038Z
> nsds5replicaLastInitEnd: 20150608191109Z
> nsds5replicaLastInitStatus: 0 Total update succeeded
>
>
More information about the Freeipa-users
mailing list