[Freeipa-users] getting rid of nsds5ReplConflict

Tue May 19 18:32:20 UTC 2015

On 05/19/2015 12:27 PM, Megan . wrote:
> Thank you for the reply.  I think I just got frustrated.  I
> uninstalled ipa on the dir2 replica then set it back up again as a
> replica.  Everything seems to be replicating just fine without errors
> now.  I know that this isn't the preferred or documented solution but
> i needed the server back online asap.
>
> When i run "ipa-replica-manage list-ruv" i see dir2 listed twice.  Is
> this a concern?

No.  When you get a chance, you can remove the one that is no longer 
used with the documented clean ruv procedure.  I believe there is an ipa 
command for that.

>
> [root at dir1 ipa]# ipa-replica-manage list-ruv
> dir1.example.com:389: 4
> dir3.example.com:389: 5
> dir2.example.com:389: 6
> dir2.example.com:389: 8
>
> On Tue, May 19, 2015 at 12:37 PM, Rich Megginson <rmeggins at redhat.com> wrote:
>> On 05/19/2015 10:10 AM, Megan . wrote:
>>> I'm struggling with a replication conflict.  I had three masters,
>>> dir1, dir2, dir3.  There were some weird issues with dir2 where I was
>>> getting  "error 49 (Invalid credentials)" without any real
>>> information.
>>
>> Where did you see this?  command line output?  Of what command?  In a log
>> file?  Which log file?  Can you post the exact error message along with the
>> context?
>>
>>> When i did " ipa-replica-manage list-ruv" i saw dir2
>>> twice.
>>
>> Can you post the output?
>>
>>> I couldn't get it straight
>>
>> What does "get it straight" mean?  Does it mean you ran some commands?  If
>> so, what commands did you run and what was the result?
>>
>>> so i decided to try to re-create
>>> the replica.  I disconnected the replica, ran the del for the replica.
>>> When i check for replication conflicts i still see it in there and I
>>> can't seem to get it to go away.
>>
>> Deleting and recreating the replica will not remove the replication conflict
>> if the conflict has been replicated to other servers.
>>
>> This document doesn't say anything about resolving replica conflict entries
>> by deleting and re-adding replicas:
>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>>
>>> It only shows up on one of the
>>> remaining masters.
>>>
>>> I was trying to follow the documentation
>>
>> The link above?
>>
>>> and use ldapmodify to change
>>> the dn to cn=olddir2.somewhere.example.something.com7475d90c but
>>> everything i seem to be trying doesn't work.
>>
>> What exactly did you do?
>>
>>> I'm assuming this entry needs to be cleared up before i can
>>> successfully setup dir2 again as a replica.
>>
>> No, not necessarily.
>>
>>
>>> Any help would be greatly appreciated.
>>>
>>> Thanks!
>>>
>>>
>>> [root at dir1 ~]# ldapsearch -x -D "cn=directory manager" -W -b
>>> "dc=somewhere,dc=example,dc=something,dc=com" "nsds5ReplConflict=*" \*
>>> nsds5ReplConflict
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <dc=somewhere,dc=example,dc=something,dc=com> with scope subtree
>>> # filter: nsds5ReplConflict=*
>>> # requesting: * nsds5ReplConflict
>>> #
>>>
>>> # dir2.somewhere.example.something.com +
>>> 7475d90c-f34911e4-99a0ab24-58022cdf, masters
>>>    , ipa, etc, somewhere.example.something.com
>>> dn:
>>> cn=dir2.somewhere.example.something.com+nsuniqueid=7475d90c-f34911e4-99a0ab24-5802
>>>
>>> 2cdf,cn=masters,cn=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com
>>> nsds5ReplConflict: namingConflict
>>> cn=dir2.somewhere.example.something.com,cn=masters,c
>>>    n=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com
>>> objectClass: top
>>> objectClass: nsContainer
>>> cn: dir2.somewhere.example.something.com
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 2
>>> # numEntries: 1
>>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project