[Freeipa-users] Problem with properly removing replica master from cluster

Christophe TREFOIS christophe.trefois at uni.lu
Thu Jul 7 23:24:04 UTC 2016 

Hi Petr,

The cleaning task worked. No more errors.

Thanks for that.

Kind regards,

—
Christophe

Dr Christophe Trefois, Dipl.-Ing.  
Technical Specialist / Post-Doc

UNIVERSITÉ DU LUXEMBOURG

LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE
Campus Belval | House of Biomedicine  
6, avenue du Swing 
L-4367 Belvaux  
T: +352 46 66 44 6124 
F: +352 46 66 44 6949  
http://www.uni.lu/lcsb

        

----
This message is confidential and may contain privileged information. 
It is intended for the named recipient only. 
If you receive it in error please notify me and permanently delete the original message and any copies. 
----

  

> On 07 Jul 2016, at 18:06, Petr Vobornik <pvoborni at redhat.com> wrote:
> 
> On 07/04/2016 05:54 PM, Christophe TREFOIS wrote:
>> Dear all,
>> 
>> First of all, thanks to mbasti for helping out so far.
>> 
>> We have a 3-node master cluster (—setup-ca) on 4.1 and setup a 4th using 4.2.0 as we want to migrate there.
>> 
>> First, we had some orphan entries in ipa-replica-manage list. We removed those by manually removing the LDAP node + children in cn=etc,cn=ipa,cn=masters.
>> Then, we saw that there is still an orphan entry here:
>> 
>> ldapsearch -xLLL -D "cn=directory manager" -W -b dc=uni,dc=lu '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))’
>> 
>> In particular, there is one ghost entry for nsDS5ReplicaBindDN
>> 
>> This is the details of ldapsearch -x -D 'cn=directory manager' -W -b 'cn=Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat,ou=csusers,cn=config'
>> 
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat,ou=csusers,cn=config> with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>> 
>> # Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat, csusers, config
>> dn: cn=Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat,ou=csusers
>> ,cn=config
>> objectClass: top
>> objectClass: person
>> cn: Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat
>> sn: manager
>> userPassword:: **REMOVED**
>> =
>> 
>> # search result
>> search: 2
>> result: 0 Success
>> 
>> # numResponses: 2
>> # numEntries: 1
>> 
>> In addition, in slapd error log, i periodically (every 5 mins) see the following errors:
>> 
>> [04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://server1.uni.lu:389/o%3Dipaca) failed.
>> [04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://server1.uni.lu:389/o%3Dipaca) failed.
>> [04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace (nsslapd-referral, ldap://server1.uni.lu:389/o%3Dipaca) failed.
>> 
>> Could anybody help me to clean up the orphaned master replica (that is dead) and also tell if these attr_replace errors are related?
> 
> Hello Christophe,
> 
> this is result of not running `ipa-csreplica-manage del` prior running `ipa-replica-manage del` or `ipa-server-install --uninstall`.
> 
> Solution is described at: https://www.freeipa.org/page/Troubleshooting#Obsolete_RUV_records
> 
>> 
>> Thank you for your help in this,
>> 
>> Kind regards,
>> 
>>>> Christophe
>> 
>> 
> 
> 
> -- 
> Petr Vobornik

More information about the Freeipa-users mailing list