[Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

Nathan Peters Nathan.Peters at globalrelay.net
Tue Jan 19 21:47:38 UTC 2016


[18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config"
[18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0
[18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND

Do you mean that log entry ^?  I am seeing that entry on dc2-ipa-dev-nvan, the host that dc1-ipa-dev-van is contacting as its master when we attempt the ipa-replica-install.  Look through my earlier posts in this thread for a full log.

Yes, of course that DN exists on all my masters.  With a 3 way replication it would have to exist because the current master is replicating to 2 other masters.  Here is the ldapsearch for all 3 existing hosts showing that DN (dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config") which is apparently failing to be added because it already exists on all my hosts.

Entry on dc1-ipa-dev-van
========================

[nathan.peters@dc1-ipa-dev-van ~]$ ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# replica, dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config
dn: cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: replica
nsDS5Flags: 1
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.dev-mydomain.net
 @DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net
nsDS5ReplicaBindDN: krbprincipalname=ldap/dc2-ipa-dev-nvan.dev-mydomain.net
 @DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net
nsDS5ReplicaId: 17
nsDS5ReplicaName: 11f21d13-bccf11e5-a49095ab-7f963284
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaType: 3
nsState:: EQAAAAAAAADQrJ5WAAAAANkAAAAAAAAAkwAAAAAAAAAJAAAAAAAAAA==
nsds5ReplicaLegacyConsumer: off
nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=dev-
 mydomain,dc=net
nsds5replicabinddngroupcheckinterval: 60
objectClass: nsds5replica
objectClass: top
objectClass: extensibleobject
nsds5ReplicaChangeCount: 71685
nsds5replicareapactive: 0

# meTodc1-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\
 3Dnet, mapping tree, config
dn: cn=meTodc1-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: meTodc1-ipa-dev-nvan.dev-mydomain.net
description: me to dc1-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicaHost: dc1-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaPort: 389
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
 uccessfulauth krblastfailedauth krbloginfailedcount
nsds50ruv: {replicageneration} 553fe9bb000000040000
nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd
 26000000100000 569b918f001400100000
nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124
 b000000110000 569b918f000f00110000
nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee
 040000000f0000 569b91750005000f0000
nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b
 b0000000e0000 569b91320014000e0000
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
 ternalModifyTimestamp
nsds5replicaTimeout: 120
nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.
 net:389} 00000000
nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n
 et:389} 00000000
nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.
 net:389} 00000000
nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n
 et:389} 00000000
objectClass: nsds5replicationagreement
objectClass: top
objectClass: ipaReplTopoManagedAgreement
ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p
 lugin
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20160119213851Z
nsds5replicaLastUpdateEnd: 19700101000000Z
nsds5replicaChangesSentSinceStartup:: MTc6NTMxLzEzMTg4MzYzMSAxNTozNTAvMCAxNDo1
 MC8wIDE2OjMyMi8wIDA6Ni8xMTUg
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
 ate started
nsds5replicaUpdateInProgress: TRUE
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z

# meTodc2-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\
 3Dnet, mapping tree, config
dn: cn=meTodc2-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: meTodc2-ipa-dev-nvan.dev-mydomain.net
description: me to dc2-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicaHost: dc2-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaPort: 389
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
 uccessfulauth krblastfailedauth krbloginfailedcount
nsds50ruv: {replicageneration} 553fe9bb000000040000
nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee
 040000000f0000 569b91900002000f0000
nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd
 26000000100000 569b918d004a00100000
nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b
 b0000000e0000 569b91320014000e0000
nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124
 b000000110000 569b918f000f00110000
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
 ternalModifyTimestamp
nsds5replicaTimeout: 120
nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.
 net:389} 00000000
nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.
 net:389} 00000000
nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n
 et:389} 00000000
nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n
 et:389} 00000000
objectClass: nsds5replicationagreement
objectClass: top
objectClass: ipaReplTopoManagedAgreement
ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p
 lugin
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20160119213851Z
nsds5replicaLastUpdateEnd: 19700101000000Z
nsds5replicaChangesSentSinceStartup:: MTc6NTQyLzEzMDIxNDkwNSAxNDoxNjkvMCAxNjo0
 NDUvMCAxNToyOTQvMCAwOjEvMTExIA==
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
 ate started
nsds5replicaUpdateInProgress: TRUE
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3

Entry on dc1-ipa-dev-nvan
=========================
[nathan.peters@dc1-ipa-dev-nvan ~]$ ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# replica, dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config
dn: cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: replica
nsDS5Flags: 1
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN: krbprincipalname=ldap/dc2-ipa-dev-nvan.dev-mydomain.net
 @DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net
nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.dev-mydomain.net@
 DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net
nsDS5ReplicaId: 16
nsDS5ReplicaName: 79ee3693-bcc211e5-bfa4b538-a3d71f3c
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaType: 3
nsState:: EAAAAAAAAACrrZ5WAAAAAHgAAAAAAAAA8wAAAAAAAAACAAAAAAAAAA==
nsds5ReplicaLegacyConsumer: off
nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=dev-
 mydomain,dc=net
nsds5replicabinddngroupcheckinterval: 60
objectClass: nsds5replica
objectClass: top
objectClass: extensibleobject
nsds5ReplicaChangeCount: 89267
nsds5replicareapactive: 0

# meTodc1-ipa-dev-van.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\3
 Dnet, mapping tree, config
dn: cn=meTodc1-ipa-dev-van.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: meTodc1-ipa-dev-van.dev-mydomain.net
description: me to dc1-ipa-dev-van.dev-mydomain.net
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicaHost: dc1-ipa-dev-van.dev-mydomain.net
nsDS5ReplicaPort: 389
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
 uccessfulauth krblastfailedauth krbloginfailedcount
nsds50ruv: {replicageneration} 553fe9bb000000040000
nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124
 b000000110000 569b90c7001a00110000
nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd
 26000000100000 569b90c7001600100000
nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee
 040000000f0000 569b8f900005000f0000
nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b
 b0000000e0000 569b8f99001c000e0000
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
 ternalModifyTimestamp
nsds5replicaTimeout: 120
nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n
 et:389} 00000000
nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.
 net:389} 00000000
nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.
 net:389} 00000000
nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n
 et:389} 00000000
objectClass: nsds5replicationagreement
objectClass: top
objectClass: ipaReplTopoManagedAgreement
ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p
 lugin
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20160119214152Z
nsds5replicaLastUpdateEnd: 20160119214152Z
nsds5replicaChangesSentSinceStartup:: MTY6ODg3LzM1NTUxNDQgMTU6MTgyLzAgMTQ6OC8w
 IDE3OjMvMCAwOjEvMCA=
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
 ate succeeded
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z

# meTodc2-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\
 3Dnet, mapping tree, config
dn: cn=meTodc2-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: meTodc2-ipa-dev-nvan.dev-mydomain.net
description: me to dc2-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicaHost: dc2-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaPort: 389
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
 uccessfulauth krblastfailedauth krbloginfailedcount
nsds50ruv: {replicageneration} 553fe9bb000000040000
nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee
 040000000f0000 569b90b10003000f0000
nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd
 26000000100000 569b90c1000a00100000
nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b
 b0000000e0000 569b8f99001c000e0000
nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124
 b000000110000 569b8e0e000700110000
nsds5ReplicaEnabled: on
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
 ternalModifyTimestamp
nsds5replicaTimeout: 120
nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.
 net:389} 00000000
nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.
 net:389} 00000000
nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n
 et:389} 00000000
nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n
 et:389} 00000000
objectClass: nsds5replicationagreement
objectClass: top
objectClass: ipaReplTopoManagedAgreement
ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p
 lugin
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20160119214206Z
nsds5replicaLastUpdateEnd: 20160119214206Z
nsds5replicaChangesSentSinceStartup:: MTY6NjQyLzE4OTQ5ODAgMTQ6NzEvMCAxNzoxNC8w
 IDE1OjIvMCA=
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
 ate succeeded
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3


Entry on dc2-ipa-dev-nvan
=========================
[nathan.peters@dc2-ipa-dev-nvan ~]$ ldapsearch -D "cn=directory manager" -b "cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# replica, dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config
dn: cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: replica
nsDS5Flags: 1
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.dev-mydomain.net
 @DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net
nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.dev-mydomain.net@
 DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net
nsDS5ReplicaId: 15
nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaType: 3
nsState:: DwAAAAAAAADWrZ5WAAAAAAAAAAAAAAAAbAEAAAAAAAABAAAAAAAAAA==
nsds5ReplicaLegacyConsumer: off
nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=dev-
 mydomain,dc=net
nsds5replicabinddngroupcheckinterval: 60
objectClass: nsds5replica
objectClass: top
objectClass: extensibleobject
nsds5ReplicaChangeCount: 66837
nsds5replicareapactive: 0

# meTodc1-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\
 3Dnet, mapping tree, config
dn: cn=meTodc1-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: meTodc1-ipa-dev-nvan.dev-mydomain.net
description: me to dc1-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicaHost: dc1-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaPort: 389
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
 uccessfulauth krblastfailedauth krbloginfailedcount
nsds50ruv: {replicageneration} 553fe9bb000000040000
nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd
 26000000100000 569b9201002200100000
nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124
 b000000110000 569b91af000d00110000
nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee
 040000000f0000 569b92010002000f0000
nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b
 b0000000e0000 569b91320014000e0000
nsds5ReplicaEnabled: on
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
 ternalModifyTimestamp
nsds5replicaTimeout: 120
nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.
 net:389} 00000000
nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n
 et:389} 00000000
nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.
 net:389} 00000000
nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n
 et:389} 00000000
objectClass: nsds5replicationagreement
objectClass: top
objectClass: ipaReplTopoManagedAgreement
ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p
 lugin
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20160119214250Z
nsds5replicaLastUpdateEnd: 20160119214250Z
nsds5replicaChangesSentSinceStartup:: MTU6NDk2LzE2MjI3NzggMTQ6MS8wIDE3OjIyLzAg
 MTY6Mi8wIA==
nsds5replicaLastUpdateStatus: 1 Can't acquire busy replica
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z

# meTodc1-ipa-dev-van.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\3
 Dnet, mapping tree, config
dn: cn=meTodc1-ipa-dev-van.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: meTodc1-ipa-dev-van.dev-mydomain.net
description: me to dc1-ipa-dev-van.dev-mydomain.net
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicaHost: dc1-ipa-dev-van.dev-mydomain.net
nsDS5ReplicaPort: 389
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
 uccessfulauth krblastfailedauth krbloginfailedcount
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
 ternalModifyTimestamp
nsds5replicaTimeout: 120
objectClass: nsds5replicationagreement
objectClass: top
objectClass: ipaReplTopoManagedAgreement
ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p
 lugin
nsds50ruv: {replicageneration} 553fe9bb000000040000
nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124
 b000000110000 569b9201000500110000
nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd
 26000000100000 569b918d004a00100000
nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee
 040000000f0000 569b92010002000f0000
nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b
 b0000000e0000 569b91320014000e0000
nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n
 et:389} 00000000
nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.
 net:389} 00000000
nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.
 net:389} 00000000
nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n
 et:389} 00000000
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20160119214305Z
nsds5replicaLastUpdateEnd: 20160119214305Z
nsds5replicaChangesSentSinceStartup:: MTU6NjQ0LzI4NDc1OTggMTY6MTc2LzAgMTc6Mi8w
 IDA6MS8wIA==
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
 ate succeeded
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3





-----Original Message-----
From: Rob Crittenden [mailto:rcritten at redhat.com] 
Sent: January-19-16 12:33 PM
To: Nathan Peters; Ludwig Krispenz
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

Nathan Peters wrote:
> Ok, after rm -rf /etc/dirsrv I was able to re-install again, but back to the old issue with DuplicateEntry.
> 
> Can anyone on this list tell me how to fix this issue?  This is a production domain with several hundred clients and servers attached, so I can't just blow it away and start over.

You've had several people trying.

> I need to get this fixed.

I think Ludwig's question still stands: on what host are you seeing the
duplicate entry logged (err=68)? I presume on the master it is trying to
create the agreement against. Have you looked to see if this entry
exists on your current masters?

rob
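
Added example, not part of the original thread: one way to answer the question of which host logged the err=68, by pairing ADD and RESULT lines on conn/op in a 389-ds access log and decoding the suffix from the mapping tree DN. The last three sample lines are the ones quoted in the thread, the first two are constructed, and the function names are illustrative.

```python
import re

# The last three lines are the access-log lines quoted in the thread; the
# first two are constructed here to show that successful ADDs are skipped.
SAMPLE_LOG = r'''
[18/Jan/2016:09:28:33 -0800] conn=18732 op=9 ADD dn="cn=constructed-example,cn=config"
[18/Jan/2016:09:28:33 -0800] conn=18732 op=9 RESULT err=0 tag=105 nentries=0 etime=0
[18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config"
[18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0
[18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND
'''.strip().splitlines()

LINE_RE = re.compile(r'^\s*\[(?P<ts>[^\]]+)\]\s+conn=(?P<conn>\d+)\s+op=(?P<op>-?\d+)\s+(?P<rest>.*)$')
ADD_RE = re.compile(r'^ADD dn="(?P<dn>.*)"')
ERR_RE = re.compile(r'^RESULT err=(?P<err>\d+)\b')
HEX_ESC = re.compile(r'\\([0-9A-Fa-f]{2})')

LDAP_ALREADY_EXISTS = 68  # LDAP result code entryAlreadyExists


def split_rdns(dn):
    """Split a DN on unescaped commas; hex escapes such as \\2C stay intact."""
    return [part.strip() for part in re.split(r'(?<!\\),', dn)]


def replicated_suffix(dn):
    """Return the suffix named by cn=replica,cn=<suffix>,cn=mapping tree,cn=config, else None."""
    rdns = split_rdns(dn)
    lowered = [r.lower() for r in rdns]
    if len(rdns) == 4 and lowered[0] == 'cn=replica' and lowered[2:] == ['cn=mapping tree', 'cn=config']:
        value = rdns[1].split('=', 1)[1]
        # Decode \3D -> '=' and \2C -> ',' for display (ASCII escapes only).
        return HEX_ESC.sub(lambda m: chr(int(m.group(1), 16)), value)
    return None


def failed_adds(lines, err=LDAP_ALREADY_EXISTS):
    """Pair each ADD with its RESULT on (conn, op) and keep those that returned `err`."""
    pending = {}  # (conn, op) -> (timestamp, dn) for ADDs still awaiting a RESULT
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        key = (int(m['conn']), int(m['op']))
        add = ADD_RE.match(m['rest'])
        if add:
            pending[key] = (m['ts'], add['dn'])
            continue
        res = ERR_RE.match(m['rest'])
        if res and key in pending:
            ts, dn = pending.pop(key)
            if int(res['err']) == err:
                hits.append({'time': ts, 'conn': key[0], 'op': key[1],
                             'dn': dn, 'suffix': replicated_suffix(dn)})
    return hits


if __name__ == '__main__':
    for hit in failed_adds(SAMPLE_LOG):
        print(hit)
```

Running the same function over the access log of each master shows which host rejected the ADD and for which replicated suffix.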
