[Freeipa-users] What am I missing? ipaca?

Martin Kosek mkosek at redhat.com
Tue Mar 24 16:08:55 UTC 2015 

On 03/24/2015 03:18 PM, thierry bordaz wrote:
> Hello,
> 
> Sorry for the late answer.
> 
> Those entries are named RUV.
> 
> host25.xxxxx1.net RUV contains
> nscpentrywsi: nsds50ruv: {replicageneration} 550feb15000000600000
> nscpentrywsi: nsds50ruv: {replica 96 ldap://host25.xxxxx1.net:389}
> 550feb1d000000600000 551129d7000000600000
> nscpentrywsi: nsds50ruv: {replica 1195 ldap://host28.xxxxx1.net:389}
> 550feed9000004ab0000 551129d7000804ab0000
> *nscpentrywsi: nsds50ruv: {replica 1685 ldap://host68.xxxxx1.net:389}
> 551016e7000006950000 551016e8000306950000
> nscpentrywsi: nsds50ruv: {replica 1690 ldap://host68.xxxxx1.net:389}
> 551012ed0000069a0000 551012ee0001069a0000
> nscpentrywsi: nsds50ruv: {replica 1695 ldap://host68.xxxxx1.net:389}
> 55100d8b0000069f0000 55100d8c0001069f0000*
> nscpentrywsi: nsds50ruv: {replica 91 ldap://host51.xxxxx2:389}
> 550ff1440000005b0000 551113bd0003005b0000
> nscpentrywsi: nsds50ruv: {replica 97 ldap://host26.xxxxx1.net:389}
> 550feb27000000610000 55112711000400610000
> nscpentrywsi: nsds50ruv: {replica 1095 ldap://host27.xxxxx1.net:389}
> 550fecef000004470000 55111c8b000504470000
> nscpentrywsi: nsds50ruv: {replica 1295 ldap://host52.xxxxx2:389}
> 550ff3480000050f0000 5511138e000b050f0000
> nscpentrywsi: nsds50ruv: {replica 1395 ldap://host32.xxxxx2:389}
> 550ff5ed000005730000 55110c85000305730000
> nscpentrywsi: nsds50ruv: {replica 1495 ldap://host33.xxxxx2:389}
> 550ff837000005d70000 551125b1000105d70000
> *nscpentrywsi: nsds50ruv: {replica 1595 ldap://host18.xxxxx2:389}
> 550ffc6b0000063b0000 550ffc6c0001063b0000
> nscpentrywsi: nsds50ruv: {replica 1590 ldap://host18.xxxxx2:389}
> 5510000a000006360000 5510000b000106360000
> nscpentrywsi: nsds50ruv: {replica 1585 ldap://host18.xxxxx2:389}
> 55100385000006310000 55100387000106310000*
> 
> So host68:389 and host18:389 are masters for the same suffix (o=ipaca) but with
> different replica Identifier (1685,1690,1695 and 1585,1590,1595).
> 
> Some of those Replica Identifiers are likely old one that need to cleared.
> Did you run CLEANRUV ?
> 
> thanks
> thierry

Right. Maybe you reinstalled IPA replica (several times) without cleaning the
RUV? With

# ipa-replica-manage list-ruv
# ipa-replica-manage clean-ruv

you should be able to clean the old (lower) RUVs and see if the error
disappears. More info in "man ipa-replica-manage" and on

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-topology.html#cleanruv

Martin

More information about the Freeipa-users mailing list