[Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

Timothy Geier tgeier at accertify.com
Sun Feb 28 07:15:34 UTC 2016


On Feb 23, 2016, at 4:22 AM, Ludwig Krispenz <lkrispen at redhat.com> wrote:


On 02/22/2016 11:51 PM, Timothy Geier wrote:

What’s the established procedure to start a 389 instance without any replication agreements enabled?  The only thing that seemed close on google (http://directory.fedoraproject.org/docs/389ds/howto/howto-fix-and-reset-time-skew.html) seems risky and couldn’t be done trivially in a production environment.

no, this is about how to get out of problems when replication could no longer synchronize its csn time generation, either by too many accumulated time drifts or playing with system time, hope you don't have to go thru this.

Enabling or disabling a replication agreement can be done by setting the configuration parameter:

look for replication agreements (entries with objectclass=nsDS5ReplicationAgreement) and set
nsds5ReplicaEnabled: off

you can do this with an ldapmodify when the server is running or by editing /etc/dirsrv/slapd-<INSTANCE>/dse.ldif when the server is stopped

Thanks for the procedure..the good news is this worked quite well in making sure that 389 didn’t crash immediately after startup.  The bad news is that the certificates still didn’t renew due to

Server at "http://master_server:8080/ca/ee/ca/profileSubmit" replied: Profile caServerCert Not Found

which was the same error in getcert list I saw that one time 389 didn’t crash right away.  At least now this can be further troubleshooted without worrying about 389.
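Added example, not part of the original thread or of 389 DS/FreeIPA: a Python sketch of the procedure quoted above, which scans dse.ldif text for entries with objectclass nsDS5ReplicationAgreement and builds the ldapmodify input that sets nsds5ReplicaEnabled: off. The sample LDIF, the host names and the function names are constructed for illustration, and DNs are assumed to be plain ASCII.

```python
import base64

# Constructed sample dse.ldif content (hypothetical hosts, not from the thread).
SAMPLE_DSE = r"""dn: cn=meToreplica1.example.test,cn=replica,cn=dc\3Dexample\2Cdc\3Dtest,cn=mapp
 ing tree,cn=config
objectClass: nsds5replicationagreement

dn: cn=meToreplica2.example.test,cn=replica,cn=dc\3Dexample\2Cdc\3Dtest,cn=mapp
 ing tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsds5ReplicaEnabled: off

dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dtest,cn=mapping tree,cn=config
objectClass: nsDS5Replica
"""

def parse_entries(text):
    """Unfold LDIF continuation lines; return entries as lists of (attr, value)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: drop the single fold space
        else:
            lines.append(raw)
    entries, current = [], []
    for line in lines + [""]:
        if not line.strip():              # blank line ends the current entry
            if current:
                entries.append(current)
            current = []
        elif not line.startswith("#"):    # skip LDIF comments
            attr, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            current.append((attr.strip().lower(), value.strip()))
    return entries

def disable_agreements(text):
    """Return (dns, ldif): agreements not yet disabled and the modify records for them."""
    dns = []
    for entry in parse_entries(text):
        classes = {v.lower() for a, v in entry if a == "objectclass"}
        enabled = [v.lower() for a, v in entry if a == "nsds5replicaenabled"]
        if "nsds5replicationagreement" in classes and enabled != ["off"]:
            dns.append(next(v for a, v in entry if a == "dn"))
    # Assumption: DNs are plain ASCII, so they are emitted without base64 encoding.
    change = "changetype: modify\nreplace: nsds5ReplicaEnabled\nnsds5ReplicaEnabled: off\n"
    return dns, "\n".join(f"dn: {dn}\n{change}" for dn in dns)

print(disable_agreements(SAMPLE_DSE)[1])
```

The generated records are in the form ldapmodify accepts against a running server; with the server stopped, the same attribute line goes directly into each agreement entry in dse.ldif.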




