[Freeipa-users] FreeIPA 4.4 - Can't find topology segment, nsunique attribute
Martin Babinsky
mbabinsk at redhat.com
Thu Dec 22 09:01:23 UTC 2016
On 12/22/2016 09:31 AM, Georgijs Radovs wrote:
> Hello everyone!
>
> Today, I've updated 2 FreeIPA servers from version 4.2 to version 4.4.
>
> Both of these servers are Masters and CAs, both are replicating between
> each other.
>
> But, when I run
>
> *ipa topologysegment-find* to view replication agreements for *domain*
> and *ca* suffixes
>
> it returns zero results.
>
> Web UI also does not show any agreements, but when I try to create a
> replication agreement between both servers, I get error that agreement
> already exists.
>
> Also, when viewing directory using ldap browser, I found these containers:
>
> DN:
> cn=ca+nsuniqueid=7252d047-c76611e6-a1fcaefe-5d4473a3,cn=topology,cn=ipa,cn=etc,dc=example,dc=com
>
>
> DN:
> cn=domain+nsuniqueid=7252d000-c76611e6-a1fcaefe-5d4473a3,cn=topology,cn=ipa,cn=etc,dc=example,dc=com
>
>
> Both of them contain topology segments, which I'm trying to create, but
> they do not show up anywhere.
>
> How do I remove nsuniqueid attribute or delete those containers?
>
Hi Georgijs,
these entries come from replication conflicts, please see the following
guide on how to solve them:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
Also as a side note, such conflicts may come from upgrading IPA masters
at once which is not recommended. Make sure that when you upgrade the
topology you only upgrade one master at time.
--
Martin^3 Babinsky
More information about the Freeipa-users
mailing list