[Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

Ludwig Krispenz lkrispen at redhat.com
Tue Feb 23 10:22:56 UTC 2016


On 02/22/2016 11:51 PM, Timothy Geier wrote:
>
> What’s the established procedure to start a 389 instance without any 
> replication agreements enabled?  The only thing that seemed close on 
> google 
> (http://directory.fedoraproject.org/docs/389ds/howto/howto-fix-and-reset-time-skew.html) 
> seems risky and couldn’t be done
> trivially in a production environment.
No, this is about how to get out of problems when replication could no 
longer synchronize its csn time generation, either by too many 
accumulated time drifts or playing with system time, hope you don't have 
to go through this.

Enabling/disabling a replication agreement can be done by setting the 
configuration parameter:

look for replication agreements (entries with 
objectclass=nsDS5ReplicationAgreement) and set
nsds5ReplicaEnabled: off

you can do this with an ldapmodify when the server is running or by 
editing /etc/dirsrv/slapd-<INSTANCE>/dse.ldif when the server is stopped
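
Added example, not part of the original message: a shell helper that turns the result of a search for `objectclass=nsDS5ReplicationAgreement` into the `ldapmodify` input that sets `nsds5ReplicaEnabled: off` on each agreement. The function names, agreement DNs, server URI and bind DN are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn `ldapsearch` output into an ldapmodify LDIF that sets
# nsds5ReplicaEnabled: off on every replication agreement.

# stdin: LDIF from a search for (objectclass=nsDS5ReplicationAgreement).
# Unfolds wrapped lines (an LDIF continuation line starts with one space),
# then prints one modify record per "dn: " line. Base64 "dn:: " values are
# skipped rather than guessed at.
agreements_to_ldif() {
    awk '
        function emit() {
            if (cur ~ /^dn: /) {
                print cur
                print "changetype: modify"
                print "replace: nsds5ReplicaEnabled"
                print "nsds5ReplicaEnabled: off"
                print ""
            }
            cur = ""
        }
        /^ / { cur = cur substr($0, 2); next }   # folded continuation
             { emit(); cur = $0 }
        END  { emit() }
    '
}

# Constructed sample of search output; the agreement names are made up.
sample_search_output() {
    cat <<'EOF'
dn: cn=agmt-to-replica2,cn=replica,cn=dc\3Dexample\2Cdc\3Dtest,cn=mappin
 g tree,cn=config

dn: cn=agmt-to-replica3,cn=replica,cn=dc\3Dexample\2Cdc\3Dtest,cn=mappin
 g tree,cn=config
EOF
}

# Offline demonstration on the sample:
sample_search_output | agreements_to_ldif

# Against a running server (URI and bind DN are assumptions), write the LDIF
# to a file, review it, then apply it:
#   ldapsearch -LLL -x -H ldap://localhost -D "cn=Directory Manager" -W \
#       -b cn=config "(objectclass=nsDS5ReplicationAgreement)" 1.1 \
#       | agreements_to_ldif > disable-agreements.ldif
#   ldapmodify -x -H ldap://localhost -D "cn=Directory Manager" -W \
#       -f disable-agreements.ldif
```

Keeping the generated LDIF gives a record of which agreements were switched off, so the same DNs can be set back to `on` afterwards.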



