[Freeipa-users] FreeIPA web UI Freezing up

Rich Megginson rmeggins at redhat.com
Mon Jun 8 19:29:15 UTC 2015


On 06/08/2015 01:19 PM, nathan at nathanpeters.com wrote:
>>> ==============
>>> um WTF?  making it a one way only agreement invalidates the lastinitstart value?
>>> ==============
>> Looks like a bug.
> Ok, this is a pretty serious bug if making it one way can knock it offline
> permanently.  Where should I file this bug report?

https://fedorahosted.org/freeipa/newticket

>
>> ipa-replica-manage re-initialize?
>>
>>
>>
> That seemed to work.  I would have tried that already but the command does
> not indicate that is a valid option.  Running ipa-replica-manage --help
> does not even list re-initialize as a valid option.  See output below.

That looks like a bug too. However, the man page gives much more
information, including the re-initialize command.

>
> [root@dc1 slapd-IPADOMAIN-NET]# ipa-replica-manage re-initialize
> Directory Manager password:
>
> re-initialize requires the option --from <host name>
> [root@dc1 slapd-IPADOMAIN-NET]# ipa-replica-manage --help
> Usage: ipa-replica-manage [options]
>
> Options:
>    --version             show program's version number and exit
>    -h, --help            show this help message and exit
>    -H HOST, --host=HOST  starting host
>    -p DIRMAN_PASSWD, --password=DIRMAN_PASSWD
>                          Directory Manager password
>    -v, --verbose         provide additional information
>    -f, --force           ignore some types of errors
>    -c, --cleanup         DANGER: clean up references to a ghost master
>    --binddn=BINDDN       Bind DN to use with remote server
>    --bindpw=BINDPW       Password for Bind DN to use with remote server
>    --winsync             This is a Windows Sync Agreement
>    --cacert=CACERT       Full path and filename of CA certificate to use with
>                          TLS/SSL to the remote server
>    --win-subtree=WIN_SUBTREE
>                          DN of Windows subtree containing the users you want to
>                          sync (default cn=Users,<domain suffix)
>    --passsync=PASSSYNC   Password for the IPA system user used by the Windows
>                          PassSync plugin to synchronize passwords
>    --from=FROMHOST       Host to get data from
>    --no-lookup           do not perform DNS lookup checks
> [root@dc1 slapd-IPADOMAIN-NET]# ipa-replica-manage re-initialize --from=officedc2.office.addomain.net
> Directory Manager password:
>
> Update in progress, 30 seconds elapsed
> Update succeeded
>
> [root@dc1 slapd-IPADOMAIN-NET]# ldapsearch -xLLL -D "cn=directory manager" -W -b cn=config objectclass=nsDSWindowsReplicationAgreement
> Enter LDAP Password:
> dn: cn=meToofficedc2.office.addomain.net,cn=replica,cn=dc\3Dipadomain
>   \2Cdc\3Dnet,cn=mapping tree,cn=config
> nsds7WindowsReplicaSubtree: OU=Staff,DC=office,DC=addomain,DC=net
> nsds7DirectoryReplicaSubtree: cn=users,cn=accounts,dc=ipadomain,dc=net
> cn: meToofficedc2.office.addomain.net
> nsds7NewWinGroupSyncEnabled: false
> objectClass: nsDSWindowsReplicationAgreement
> objectClass: top
> nsDS5ReplicaTransportInfo: TLS
> description: me to officedc2.office.addomain.net
> nsDS5ReplicaRoot: dc=ipadomain,dc=net
> nsDS5ReplicaHost: officedc2.office.addomain.net
> nsds5replicaTimeout: 120
> nsDS5ReplicaBindDN: cn=freeipa syncuser,ou=Service Account,dc=office,dc=addomain,dc=net
> nsds7NewWinUserSyncEnabled: true
> nsDS5ReplicaPort: 389
> nsds7WindowsDomain: ipadomain.net
> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
>    entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
> nsDS5ReplicaBindMethod: simple
> nsDS5ReplicaCredentials:
> {AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRVVHQ1NxR1NJYjNEUUVG
>   RERBNEJDUmtOelUzTTJJNVlpMDBaV1EyTTJRMQ0KWXkwNU0yTm1aV05sTVMxbU5qRXpaak5oTlFBQ
>   0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQ2k0N0NxRGZFd2JIdm
>   I0MFVFZVI3MA==}gWI9NIB8lbt9tmNszzbBFCAe4Vs/e0sMyn5+NZPJg9E=
> nsds7DirsyncCookie::
> nsds50ruv: {replicageneration} 553fe9bb000000040000
> nsds50ruv: {replica 4 ldap://dc1.ipadomain.net:389} 553fe9c9
>   000000040000 5575e79e000000040000
> nsds50ruv: {replica 3 ldap://dc2.ipadomain.net:389} 553fe9c
>   4000000030000 557244db001700030000
> nsruvReplicaLastModified: {replica 4 ldap://dc1.ipadomain.ne
>   t:389} 5575e704
> nsruvReplicaLastModified: {replica 3 ldap://dc2.ipadomain.n
>   et:389} 00000000
> oneWaySync: fromWindows
> nsds5ReplicaEnabled: on
> nsds5replicareapactive: 0
> nsds5replicaLastUpdateStart: 20150608191201Z
> nsds5replicaLastUpdateEnd: 20150608191201Z
> nsds5replicaChangesSentSinceStartup:: NDo0My8wIA==
> nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
>   ate succeeded
> nsds5replicaUpdateInProgress: FALSE
> nsds5replicaLastInitStart: 20150608191038Z
> nsds5replicaLastInitEnd: 20150608191109Z
> nsds5replicaLastInitStatus: 0 Total update succeeded
>
>
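
Added example, not part of the thread or of FreeIPA's own code: a Python check that unfolds ldapsearch LDIF like the agreement entry quoted above and flags any agreement whose nsds5replicaLastInitStatus or nsds5replicaLastUpdateStatus is missing or does not begin with code 0. The sample entry is constructed, and treating a leading 0 as success is an assumption based on the status lines shown in that output.

```python
import re

# Constructed sample modelled on the agreement entry quoted in the thread.
# ldapsearch folds long lines: a continuation line starts with one space.
SAMPLE_LDIF = """\
dn: cn=meToofficedc2.office.addomain.net,cn=replica,cn=dc\\3Dipadomain
 \\2Cdc\\3Dnet,cn=mapping tree,cn=config
oneWaySync: fromWindows
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
 ate succeeded
nsds5replicaLastInitStart: 20150608191038Z
nsds5replicaLastInitEnd: 20150608191109Z
nsds5replicaLastInitStatus: 0 Total update succeeded
"""

STATUS_ATTRS = ("nsds5replicalastinitstatus", "nsds5replicalastupdatestatus")


def parse_entries(ldif):
    """Unfold LDIF and return one {lowercased attr: [values]} dict per entry."""
    unfolded = re.sub(r"\r?\n ", "", ldif)
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            # "attr:: ..." (base64) values are kept undecoded
            entry.setdefault(name.lower(), []).append(value.lstrip(": ").strip())
        if entry:
            entries.append(entry)
    return entries


def agreement_health(ldif):
    """Map each agreement DN to its problems; an empty list means both codes are 0."""
    report = {}
    for entry in parse_entries(ldif):
        problems = []
        for attr in STATUS_ATTRS:
            values = entry.get(attr)
            if not values:
                problems.append(f"{attr}: missing")
            elif not re.match(r"0(\s|$)", values[0]):
                problems.append(f"{attr}: {values[0]}")
        report[entry.get("dn", ["?"])[0]] = problems
    return report


if __name__ == "__main__":
    for dn, problems in agreement_health(SAMPLE_LDIF).items():
        print(dn, *(problems or ["OK"]), sep="\n  ")
```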



