[Freeipa-users] Problem with properly removing replica master from cluster

Petr Vobornik pvoborni at redhat.com
Thu Jul 7 16:06:57 UTC 2016


On 07/04/2016 05:54 PM, Christophe TREFOIS wrote:
> Dear all,
>
> First of all, thanks to mbasti for helping out so far.
>
> We have a 3-node master cluster (--setup-ca) on 4.1 and set up a 4th using 4.2.0 as we want to migrate there.
>
> First, we had some orphan entries in ipa-replica-manage list. We removed those by manually removing the LDAP node + children in cn=etc,cn=ipa,cn=masters.
> Then, we saw that there is still an orphan entry here:
>
> ldapsearch -xLLL -D "cn=directory manager" -W -b dc=uni,dc=lu '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
>
> In particular, there is one ghost entry for nsDS5ReplicaBindDN
>
> These are the details of ldapsearch -x -D 'cn=directory manager' -W -b 'cn=Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat,ou=csusers,cn=config'
>
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <cn=Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat,ou=csusers,cn=config> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat, csusers, config
> dn: cn=Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat,ou=csusers
>  ,cn=config
> objectClass: top
> objectClass: person
> cn: Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat
> sn: manager
> userPassword:: **REMOVED**
>  =
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> In addition, in the slapd error log, I periodically (every 5 mins) see the following errors:
>
> [04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://server1.uni.lu:389/o%3Dipaca) failed.
> [04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://server1.uni.lu:389/o%3Dipaca) failed.
> [04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://server1.uni.lu:389/o%3Dipaca) failed.
>
> Could anybody help me to clean up the orphaned master replica (that is dead) and also tell if these attr_replace errors are related?

Hello Christophe,

This is the result of not running `ipa-csreplica-manage del` prior to running
`ipa-replica-manage del` or `ipa-server-install --uninstall`.

The solution is described at:
https://www.freeipa.org/page/Troubleshooting#Obsolete_RUV_records

>
> Thank you for your help in this,
>
> Kind regards,
>
>> Christophe
>
>


-- 
Petr Vobornik
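
A check related to the orphaned replica discussed in this thread, as an added example that is not part of the original messages or of FreeIPA: it parses the RUV tombstone entry that the quoted `ldapsearch` returns and lists the RUV elements whose host is not a current master. The sample LDIF, the hostnames and the `LIVE_MASTERS` list are constructed, and the helper names are hypothetical; the `nsds50ruv` value layout is the usual 389 Directory Server one.

```python
import re

# Constructed sample: LDIF for the RUV tombstone entry, with folded lines as
# ldapsearch prints them. Hostnames and CSNs are made up for illustration.
SAMPLE_LDIF = """\
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=example,dc=test
nsds50ruv: {replicageneration} 55c8a364000000600000
nsds50ruv: {replica 96 ldap://ipa1.example.test:389} 55c8a36e000000600000 577e7
 a1c000000600000
nsds50ruv: {replica 91 ldap://ipa-dead.example.test:389} 55c8a42b0000005b0000 5
 5c9b1f20000005b0000
nsds50ruv: {replica 86 ldap://ipa2.example.test:389}
"""
LIVE_MASTERS = ["ipa1.example.test", "ipa2.example.test"]  # assumption

RUV_RE = re.compile(r"^\{replica (\d+) ldaps?://([^:/}]+)(?::(\d+))?\}\s*(.*)$")

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_ruv(ldif):
    """Return [(replica_id, host, port, [csns])] from nsds50ruv values."""
    out = []
    for line in unfold(ldif):
        name, sep, value = line.partition(": ")
        if not sep or name.lower() != "nsds50ruv":
            continue
        m = RUV_RE.match(value)
        if m:  # the {replicageneration} element does not match and is skipped
            rid, host, port, csns = m.groups()
            out.append((int(rid), host.lower(), int(port or 389), csns.split()))
    return out

def obsolete_ruvs(ldif, live_masters):
    """RUV elements that point at hosts missing from the live master list."""
    live = {h.lower() for h in live_masters}
    return [r for r in parse_ruv(ldif) if r[1] not in live]

if __name__ == "__main__":
    for rid, host, port, csns in obsolete_ruvs(SAMPLE_LDIF, LIVE_MASTERS):
        print(f"obsolete RUV: replica id {rid} -> {host}:{port} (CSNs: {len(csns)})")
```

The replica ids it reports are the candidates to review against the Obsolete RUV records procedure linked above.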