[Freeipa-users] Can't create replica

Jim Richard jrichard at placeiq.com
Wed Dec 28 21:20:45 UTC 2016


This pretty much describes my issue:

https://access.redhat.com/solutions/136993

ipa-server.x86_64 3.0.0-50.el6.centos.3

But it’s a little more complicated than that.

My goal at this point is just to get to one master with no replication, no remnants of replication, no dangling this or that in either the main LDAP or the CA instance.

But, I think I’ve hosed it up pretty good, all things replication that is.

So there is only one live server now, sso-109.nym1.placeiq.net

But in going through the steps in that article I noticed something strange.

Notice the ReplicaBindDN principalname in the first command; that server no longer exists.
And notice the ID, 40. Then look at the output from the next command.

ID 40 is actually sso-109, am I reading that right?? 

and of course CLEANRUV40 gives "error 53 unwilling to perform" - which is expected ?? I think, maybe I don’t know :(

So uh, how do I un-F… myself here?

Can I like manually delete that replication instance 40?

If I’m saying, I just want one master, no replicas (will of course create a replica once I’m sure my one master is squared away), should I be able to get the db to a state with no nsDS5Replica entries?

[root at sso-109:(NYM) slapd-PKI-IPA]$ ldapsearch -xLLL -D "cn=directory manager" -W -s sub -b cn=config objectclass=nsds5replica
Enter LDAP Password:
dn: cn=replica,cn=dc\3Dplaceiq\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: replica
nsDS5Flags: 1
objectClass: top
objectClass: nsds5replica
objectClass: extensibleobject
nsDS5ReplicaType: 3
nsDS5ReplicaRoot: dc=placeiq,dc=net
nsds5ReplicaLegacyConsumer: off
nsDS5ReplicaId: 40
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN: krbprincipalname=ldap/sso-110.nym1.placeiq.net at PLACEIQ.NET
 ,cn=services,cn=accounts,dc=placeiq,dc=net
nsState:: KAAAAAAAAADkKWRYAAAAAAAAAAAAAAAADwAAAAAAAAASAAAAAAAAAA==
nsDS5ReplicaName: 889b4308-86c311e6-95188dad-28da3cc2
nsds5ReplicaChangeCount: 13615
nsds5replicareapactive: 0



[root at sso-109:(NYM) slapd-PKI-IPA]$ ldapsearch -xLLL -D "cn=directory manager" -W -b dc=placeiq,dc=net \
>  '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root at sso-109:(NYM) slapd-PKI-IPA]$ ldapsearch -xLLL -D "cn=directory manager" -W -b dc=placeiq,dc=net  '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
Enter LDAP Password:
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=placeiq,dc=net
objectClass: top
objectClass: nsTombstone
objectClass: extensibleobject
nsds50ruv: {replicageneration} 52b07d23000000040000
nsds50ruv: {replica 40 ldap://sso-109.nym1.placeiq.net:389} 57ede5500007002800
 00 58642aad000100280000
dc: placeiq
nsruvReplicaLastModified: {replica 40 ldap://sso-109.nym1.placeiq.net:389} 586
 42a9e









Jim Richard
SYSTEM ADMINISTRATOR III
(646) 338-8905
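For reading the `nsds50ruv` values quoted in the message above, here is an added example that is not part of the original post: it unfolds the LDIF and decodes each RUV element. It relies on the 389 Directory Server CSN layout (8 hex digits of timestamp, then 4 each of sequence number, replica ID and sub-sequence number); the function names are this example's own.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the tombstone output from the post, LDIF folding included.
SAMPLE_LDIF = """\
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=placeiq,dc=net
objectClass: nsTombstone
nsds50ruv: {replicageneration} 52b07d23000000040000
nsds50ruv: {replica 40 ldap://sso-109.nym1.placeiq.net:389} 57ede5500007002800
 00 58642aad000100280000
"""

RUV_RE = re.compile(r"^\{replica (\d+) (\S+)\}(?: ([0-9a-f]{20}) ([0-9a-f]{20}))?$")

def unfold(ldif):
    """Undo LDIF line folding: a newline followed by one space continues the line."""
    return ldif.replace("\n ", "")

def parse_csn(csn):
    """Split a 20-hex-digit CSN into timestamp, sequence, replica ID, subsequence."""
    if not re.fullmatch(r"[0-9a-f]{20}", csn):
        raise ValueError("not a 20-hex-digit CSN: %r" % csn)
    return {
        "time": datetime.fromtimestamp(int(csn[0:8], 16), tz=timezone.utc),
        "seq": int(csn[8:12], 16),
        "rid": int(csn[12:16], 16),
        "subseq": int(csn[16:20], 16),
    }

def parse_ruv(ldif):
    """Return one dict per replica element found in nsds50ruv values."""
    elements = []
    for line in unfold(ldif).splitlines():
        if not line.lower().startswith("nsds50ruv: "):
            continue
        m = RUV_RE.match(line.split(": ", 1)[1].strip())
        if m is None:          # e.g. the {replicageneration} value
            continue
        rid, url, min_csn, max_csn = m.groups()
        elem = {"rid": int(rid), "url": url, "min": None, "max": None}
        if max_csn:            # a replica that never wrote has no CSNs
            elem["min"], elem["max"] = parse_csn(min_csn), parse_csn(max_csn)
            # The replica ID embedded in the CSN should match the element's ID.
            elem["consistent"] = elem["max"]["rid"] == elem["rid"]
        elements.append(elem)
    return elements

if __name__ == "__main__":
    print(parse_ruv(SAMPLE_LDIF))
```

On the sample, the only replica element is ID 40 at sso-109, and the `0028` field inside both CSNs decodes to the same ID.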


