[Freeipa-users] getting rid of nsds5ReplConflict

Rich Megginson rmeggins at redhat.com
Tue May 19 16:37:41 UTC 2015 

On 05/19/2015 10:10 AM, Megan . wrote:
> I'm struggling with a replication conflict.  I had three masters,
> dir1, dir2, dir3.  There were some weird issues with dir2 where I was
> getting  "error 49 (Invalid credentials)" without any real
> information.

Where did you see this?  command line output?  Of what command?  In a 
log file?  Which log file?  Can you post the exact error message along 
with the context?

> When i did " ipa-replica-manage list-ruv" i saw dir2
> twice.

Can you post the output?

> I couldn't get it straight

What does "get it straight" mean?  Does it mean you ran some commands?  
If so, what commands did you run and what was the result?

> so i decided to try to re-create
> the replica.  I disconnected the replica, ran the del for the replica.
> When i check for replication conflicts i still see it in there and I
> can't seem to get it to go away.

Deleting and recreating the replica will not remove the replication 
conflict if the conflict has been replicated to other servers.

This document doesn't say anything about resolving replica conflict 
entries by deleting and re-adding replicas:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html

> It only shows up on one of the
> remaining masters.
>
> I was trying to follow the documentation

The link above?

> and use ldapmodify to change
> the dn to cn=olddir2.somewhere.example.something.com7475d90c but
> everything i seem to be trying doesn't work.

What exactly did you do?

>
> I'm assuming this entry needs to be cleared up before i can
> successfully setup dir2 again as a replica.

No, not necessarily.

>
> Any help would be greatly appreciated.
>
> Thanks!
>
>
> [root at dir1 ~]# ldapsearch -x -D "cn=directory manager" -W -b
> "dc=somewhere,dc=example,dc=something,dc=com" "nsds5ReplConflict=*" \*
> nsds5ReplConflict
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=somewhere,dc=example,dc=something,dc=com> with scope subtree
> # filter: nsds5ReplConflict=*
> # requesting: * nsds5ReplConflict
> #
>
> # dir2.somewhere.example.something.com +
> 7475d90c-f34911e4-99a0ab24-58022cdf, masters
>   , ipa, etc, somewhere.example.something.com
> dn: cn=dir2.somewhere.example.something.com+nsuniqueid=7475d90c-f34911e4-99a0ab24-5802
>   2cdf,cn=masters,cn=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com
> nsds5ReplConflict: namingConflict
> cn=dir2.somewhere.example.something.com,cn=masters,c
>   n=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com
> objectClass: top
> objectClass: nsContainer
> cn: dir2.somewhere.example.something.com
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>

More information about the Freeipa-users mailing list