[Freeipa-users] Can't remove all replica records from ldap

Kim Perrin kperrin at doctorondemand.com
Tue Mar 17 19:41:42 UTC 2015


Hello all,

For nearly 2 years I’ve been running a Freeipa 3 (currently 3.0.0-42)
environment. We've had 2 masters since the start. Several replicas
have had problems that required me to remove them. I’ve removed them
all (except the very last one) by running ‘ipa-server-install
--uninstall’ and then ‘ipa-replica-manage clean-ruv’. The latest
replica I tried to remove failed on both commands. On further
inspection I see all the previous replicas have orphaned entries in
the ldap db. How do I remove all the entries? (I’ve listed the
entries below.) Is this process safe (in what is currently a single
ipa server environment)? Note, I’ve seen one of the necessary
LDIFs that can be ‘run’ to remove the entries -- I just don’t
understand how to run an ldif.

Relevant entries -

kperrin at noc1-prd:~# ldapsearch -xLLL -D "cn=directory manager" -W -s
sub -b cn=config objectclass=nsds5replica
Enter LDAP Password:
dn: cn=replica,cn=dc\3Dcompanyz\2Cdc\3Dcom,cn=mapping tree,cn=config
cn: replica
nsDS5Flags: 1
objectClass: top
objectClass: nsds5replica
objectClass: extensibleobject
nsDS5ReplicaType: 3
nsDS5ReplicaRoot: dc=companyz,dc=com
nsds5ReplicaLegacyConsumer: off
nsDS5ReplicaId: 4
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN:
krbprincipalname=ldap/noc2prd.companyz.com at COMPANYZ.COM,cn=services,cn=accounts,dc=companyz,dc=com
nsDS5ReplicaBindDN:
krbprincipalname=ldap/util1prd.companyz.com at COMPANYZ.COM,cn=services,cn=accounts,dc=companyz,dc=com
nsDS5ReplicaBindDN:
krbprincipalname=ldap/noc3prd.companyz.com at COMPANYZ.COM,cn=services,cn=accounts,dc=companyz,dc=com
nsDS5ReplicaBindDN:
krbprincipalname=ldap/noc4prd.companyz.com at COMPANYZ.COM,cn=services,cn=accounts,dc=companyz,dc=com
nsState:: BAAAAAAAAABlZwhVAAAAAAAAAAAAAAAADgAAAAAAAAAFAAAAAAAAAA==
nsDS5ReplicaName: 2767660e-9e5611e2-b7b6a070-c35ad5d3
nsds5ReplicaAbortCleanRUV: 14:dc=companyz,dc=com
nsds5ReplicaChangeCount: 682699
nsds5replicareapactive: 0

kperrin at noc1-prd:~# ldapsearch -xLLL -D "cn=directory manager" -W -b
o=ipaca  '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
-p 7389 -h noc1-prd
Enter LDAP Password:
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,o=ipaca
objectClass: top
objectClass: nsTombstone
objectClass: extensibleobject
nsds50ruv: {replicageneration} 5317a449000000600000
nsds50ruv: {replica 96 ldap://noc1-prd.companyz.com:7389} 5317a455000000
600000 550878b9000000600000
nsds50ruv: {replica 71 ldap://noc2-prd.companyz.com:7389} 531ce018000000
470000 531ce069000300470000
nsds50ruv: {replica 76 ldap://noc4-prd.companyz.com:7389} 531cdde8000000
4c0000 53f659500004004c0000
nsds50ruv: {replica 81 ldap://noc2-prd.companyz.com:7389} 531bf216000000
510000 531bf265000100510000
nsds50ruv: {replica 86 ldap://noc3-prd.companyz.com:7389} 531a3222000000
560000 531a3256000400560000
nsds50ruv: {replica 91 ldap://noc2-prd.companyz.com:7389} 5317f7cf000000
5b0000 531949920000005b0000
nsds50ruv: {replica 97 ldap://util1-prd.companyz.com:7389} 5317a45000000
0610000 5317a48a000100610000
o: ipaca
nsruvReplicaLastModified: {replica 96 ldap://noc1-prd.companyz.com:7389}
 550878ab
nsruvReplicaLastModified: {replica 71 ldap://noc2-prd.companyz.com:7389}
 00000000
nsruvReplicaLastModified: {replica 76 ldap://noc4-prd.companyz.com:7389}
 00000000
nsruvReplicaLastModified: {replica 81 ldap://noc2-prd.companyz.com:7389}
 00000000
nsruvReplicaLastModified: {replica 86 ldap://noc3-prd.companyz.com:7389}
 00000000
nsruvReplicaLastModified: {replica 91 ldap://noc2-prd.companyz.com:7389}
 00000000
nsruvReplicaLastModified: {replica 97 ldap://util1-prd.companyz.com:7389
} 00000000

-- and here is an example LDIF to remove the last record listed above -

dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
changetype: modify
replace: nsds5task
nsds5task: CLEANRUV97

How do I ‘run’ this ldif?


Thanks,
Kim Perrin
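Added example, not part of the post and not FreeIPA's own tooling: a small Python script that unfolds ldapsearch's LDIF output for the RUV tombstone shown above, lists every replica ID whose host is no longer in the topology, and builds the same CLEANRUV modify entry the post quotes for each one. The sample RUV is constructed from the post and the list of hosts still in service is an assumption (here only noc1-prd).

```python
import re

# Constructed sample, modelled on the o=ipaca RUV tombstone in the post.
# ldapsearch folds long values: a continuation line starts with one space.
SAMPLE_RUV = """\
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,o=ipaca
nsds50ruv: {replicageneration} 5317a449000000600000
nsds50ruv: {replica 96 ldap://noc1-prd.companyz.com:7389} 5317a455000000
 600000 550878b9000000600000
nsds50ruv: {replica 71 ldap://noc2-prd.companyz.com:7389} 531ce018000000
 470000 531ce069000300470000
nsds50ruv: {replica 97 ldap://util1-prd.companyz.com:7389} 5317a45000000
 0610000 5317a48a000100610000
"""

RUV_RE = re.compile(r"^nsds50ruv: \{replica (\d+) ldap://([^:/]+):\d+\}")


def unfold_ldif(text):
    """Join LDIF continuation lines back onto the attribute line they belong to."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def ruv_hosts(ldif_text):
    """Map each replica ID in the RUV to the hostname that owns it."""
    hosts = {}
    for line in unfold_ldif(ldif_text):
        m = RUV_RE.match(line)
        if m:
            hosts[int(m.group(1))] = m.group(2).lower()
    return hosts


def stale_replica_ids(ldif_text, live_hosts):
    """Replica IDs whose host is no longer in the topology (candidates for CLEANRUV)."""
    live = {h.lower() for h in live_hosts}
    return sorted(rid for rid, host in ruv_hosts(ldif_text).items() if host not in live)


def cleanruv_ldif(suffix, rid):
    """LDIF modify that starts a CLEANRUV task for one replica ID under `suffix`.
    The suffix sits inside the mapping-tree cn with '=' and ',' escaped (o=ipaca -> o\\3Dipaca)."""
    escaped = suffix.replace("=", "\\3D").replace(",", "\\2C")
    return (f"dn: cn=replica,cn={escaped},cn=mapping tree,cn=config\n"
            "changetype: modify\nreplace: nsds5task\n"
            f"nsds5task: CLEANRUV{rid}\n")
```

Write the returned text to a file and apply it with `ldapmodify -x -D "cn=directory manager" -W -h noc1-prd -p 7389 -f cleanruv.ldif` (port 389 with the dc=companyz,dc=com suffix for the main tree); re-running the ldapsearch from the post shows which replica entries the server has since dropped from the RUV.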
