[Freeipa-users] getting rid of nsds5ReplConflict
Rich Megginson
rmeggins at redhat.com
Tue May 19 16:37:41 UTC 2015
On 05/19/2015 10:10 AM, Megan . wrote:
> I'm struggling with a replication conflict. I had three masters,
> dir1, dir2, dir3. There were some weird issues with dir2 where I was
> getting "error 49 (Invalid credentials)" without any real
> information.
Where did you see this? command line output? Of what command? In a
log file? Which log file? Can you post the exact error message along
with the context?
> When i did " ipa-replica-manage list-ruv" i saw dir2
> twice.
Can you post the output?
> I couldn't get it straight
What does "get it straight" mean? Does it mean you ran some commands?
If so, what commands did you run and what was the result?
> so i decided to try to re-create
> the replica. I disconnected the replica, ran the del for the replica.
> When i check for replication conflicts i still see it in there and I
> can't seem to get it to go away.
Deleting and recreating the replica will not remove the replication
conflict if the conflict has been replicated to other servers.
This document doesn't say anything about resolving replica conflict
entries by deleting and re-adding replicas:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
> It only shows up on one of the
> remaining masters.
>
> I was trying to follow the documentation
The link above?
> and use ldapmodify to change
> the dn to cn=olddir2.somewhere.example.something.com7475d90c but
> everything i seem to be trying doesn't work.
What exactly did you do?
>
> I'm assuming this entry needs to be cleared up before i can
> successfully setup dir2 again as a replica.
No, not necessarily.
>
> Any help would be greatly appreciated.
>
> Thanks!
>
>
> [root at dir1 ~]# ldapsearch -x -D "cn=directory manager" -W -b
> "dc=somewhere,dc=example,dc=something,dc=com" "nsds5ReplConflict=*" \*
> nsds5ReplConflict
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=somewhere,dc=example,dc=something,dc=com> with scope subtree
> # filter: nsds5ReplConflict=*
> # requesting: * nsds5ReplConflict
> #
>
> # dir2.somewhere.example.something.com +
> 7475d90c-f34911e4-99a0ab24-58022cdf, masters
> , ipa, etc, somewhere.example.something.com
> dn: cn=dir2.somewhere.example.something.com+nsuniqueid=7475d90c-f34911e4-99a0ab24-5802
> 2cdf,cn=masters,cn=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com
> nsds5ReplConflict: namingConflict
> cn=dir2.somewhere.example.something.com,cn=masters,c
> n=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com
> objectClass: top
> objectClass: nsContainer
> cn: dir2.somewhere.example.something.com
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
More information about the Freeipa-users
mailing list