[Freeipa-users] FreeIPA 4.4 - Can't find topology segment, nsunique attribute
Georgijs Radovs
georgijsr at scandiweb.com
Thu Dec 22 09:41:45 UTC 2016
Hello, Martin!
Thank you for your help, conflicts resolved.
All is well.
FreeIPA is awesome! )
On 2016.12.22. 11:01, Martin Babinsky wrote:
> On 12/22/2016 09:31 AM, Georgijs Radovs wrote:
>> Hello everyone!
>>
>> Today, I've updated 2 FreeIPA servers from version 4.2 to version 4.4.
>>
>> Both of these servers are Masters and CAs, both are replicating between
>> each other.
>>
>> But, when I run
>>
>> *ipa topologysegment-find* to view replication agreements for *domain*
>> and *ca* suffixes
>>
>> it returns zero results.
>>
>> Web UI also does not show any agreements, but when I try to create a
>> replication agreement between both servers, I get error that agreement
>> already exists.
>>
>> Also, when viewing directory using ldap browser, I found these
>> containers:
>>
>> DN:
>> cn=ca+nsuniqueid=7252d047-c76611e6-a1fcaefe-5d4473a3,cn=topology,cn=ipa,cn=etc,dc=example,dc=com
>>
>>
>>
>> DN:
>> cn=domain+nsuniqueid=7252d000-c76611e6-a1fcaefe-5d4473a3,cn=topology,cn=ipa,cn=etc,dc=example,dc=com
>>
>>
>>
>> Both of them contain topology segments, which I'm trying to create, but
>> they do not show up anywhere.
>>
>> How do I remove nsuniqueid attribute or delete those containers?
>>
>
> Hi Georgijs,
>
> these entries come from replication conflicts, please see the
> following guide on how to solve them:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>
>
> Also as a side note, such conflicts may come from upgrading IPA
> masters at once which is not recommended. Make sure that when you
> upgrade the topology you only upgrade one master at time.
>
--
<https://www.youtube.com/watch?v=bs0V2F06liw>
More information about the Freeipa-users
mailing list