[Freeipa-users] unable to delete a replica server

[Rob Crittenden]

Torsten Harenberg wrote:
> Hi,
>
> we have three ipa servers
>
> - ipa
> - ipa2
> - ipacentos7
>
> We wanted to re-install ipa2 from scratch as this server gave us strange
> issues in the past (for example, you have to do a "ipactl stop && ipactl
> start" after boot to have everything running - a step which is not
> needed on the other two).
>
> However, the ipa-replica-manage del ipa2.pleiades.uni-wuppertal.de gave
> an error at the end (it scrolled out of the terminal, but ended with
> "unexpected error: Not allowed on non-leaf entry").
>
> It seems to be impossible to get rid of this replica now:
>
> [root at ipa ~]#  ipa-replica-manage -v -f -c  del
> ipa2.pleiades.uni-wuppertal.de
> Directory Manager password:
>
> Cleaning a master is irreversible.
> This should not normally be require, so use cautiously.
> Continue to clean master? [no]: yes
> unexpected error: Not allowed on non-leaf entry
> [root at ipa ~]# ipa-replica-manage list
> Directory Manager password:
>
> ipacentos7.pleiades.uni-wuppertal.de: master
> ipa.pleiades.uni-wuppertal.de: master
> ipa2.pleiades.uni-wuppertal.de: master
> [root at ipa ~]#
>
> [root at ipa ~]#  ipa-csreplica-manage -v del ipa2.pleiades.uni-wuppertal.de
> Directory Manager password:
>
> Deleted replication agreement from 'ipa.pleiades.uni-wuppertal.de' to
> 'ipa2.pleiades.uni-wuppertal.de'
> [root at ipa ~]# ipa-replica-manage list
> Directory Manager password:
>
> ipacentos7.pleiades.uni-wuppertal.de: master
> ipa.pleiades.uni-wuppertal.de: master
> ipa2.pleiades.uni-wuppertal.de: master
> [root at ipa ~]#
>
> Any ideas how to proceed from here?

Seems like an error that LDAP is throwing. There might be details in 
/var/log/dirsrv/slapd-REALM/{access|errors}

It sounds like when IPA tried to delete some entry it failed because 
that entry has children. The logs should help pinpoint which entry it is 
failing on.

rob