[Freeipa-users] Struggling to remove redundant RUV records

Tue Jul 19 17:22:42 UTC 2016

Hi,

We had to replace a failed replica "ipa003.mgmt.prod.local".
Unfortunately, deleting the old copy prior to creating the replacement
doesn't seem to have worked and we're getting lots of errors like :-

attrlist_replace - attr_replace (nsslapd-referral,
ldap://ipa003.mgmt.prod.local:389 ... failed.

In the dirsrv logs.

One problem is that there are now two RUVs for ipa003.mgmt.prod.local.
How do I identify which is the live one so I can delete the redundant one ?

I'd also like to delete all the old "unable to decode" replicas. I found
a posting with an ldapsearch (see below), but this seems to give numbers
that don't match the replica IDs. Do I need to translate the search
results in some fashion or use a different search ?

Many Thanks

Bob Hinton

-sh-4.2$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.2 (Maipo)

-sh-4.2$ ipa --version
VERSION: 4.2.0, API_VERSION: 2.156

sh-4.2$ sudo ipa-replica-manage list-ruv
Directory Manager password:

unable to decode: {replica 15} 568d15720002000f0000 568d15720002000f0000
unable to decode: {replica 13} 568ed0a90001000d0000 56ebea6b0001000d0000
unable to decode: {replica 14} 568d16ea0000000e0000 56ab57950005000e0000
ipa002.mgmt.prod.local:389: 17
ipa001.mgmt.paas.local:389: 22
ipa003.mgmt.paas.local:389: 26
ipa002.mgmt.paas.local:389: 24
ipa002.mgmt.paas.local:389: 25
ipa003.mgmt.prod.local:389: 23
ipa003.mgmt.prod.local:389: 18
ipa001.mgmt.prod.local:389: 19
sh-4.2$ !996
sudo ipa-replica-manage clean-ruv 13
Directory Manager password:

unable to decode: {replica 15} 568d15720002000f0000 568d15720002000f0000
unable to decode: {replica 13} 568ed0a90001000d0000 56ebea6b0001000d0000
unable to decode: {replica 14} 568d16ea0000000e0000 56ab57950005000e0000
Replica ID 13 not found
sh-4.2$ !1000
ldapsearch -D "cn=Directory Manager" -W -h ipa003.mgmt.prod.local -b
"o=ipaca"
"(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
| grep "nsds50ruv\|nsDS5ReplicaId"
Enter LDAP Password:
nsDS5ReplicaId: 1485
nsds50ruv: {replicageneration} 54be6564000000600000
nsds50ruv: {replica 1485 ldap://ipa003.mgmt.prod.local:389} 5787b6e
nsds50ruv: {replica 1395 ldap://ipa001.mgmt.prod.local:389} 567ab7a
nsds50ruv: {replica 1490 ldap://ipa001.mgmt.paas.local:389} 5787aef
nsds50ruv: {replica 1495 ldap://ipa001.mgmt.paas.local:389} 578660e
nsds50ruv: {replica 1280 ldap://ipa002.mgmt.prod.local:389} 567949c
nsds50ruv: {replica 71 ldap://ipa4-03.local:389} 5617ba4d0000004700
nsds50ruv: {replica 1285 ldap://ipa001.mgmt.prod.local:389} 567804c
nsds50ruv: {replica 1290 ldap://ipa4-02.local:389} 561bb7bc0000050a
nsds50ruv: {replica 1295 ldap://ipa4-01.local:389} 561ba6430000050f
nsds50ruv: {replica 96 ldap://ipa0001-01.local:7389} 54be656e000000
nsds50ruv: {replica 76 ldap://ipa4-rep.local:389} 56142cde0000004c0
nsds50ruv: {replica 81 ldap://ipa0001-03.local:7389} 54c25ac6000000
nsds50ruv: {replica 86 ldap://ipa0001-02.local:7389} 54c12c1d000000
nsds50ruv: {replica 91 ldap://ipa0001-03.local:7389} 54bf475b000000
nsds50ruv: {replica 97 ldap://ipa0001-02.local:7389} 54be656b000000
nsds50ruv: {replica 1096 ldap://ipa3-rhel6.local:7389} 560d7d770000
nsds50ruv: {replica 1196 ldap://ip4-rhel7.local:389} 56137c31000004
nsds50ruv: {replica 1191 ldap://ipa4-rhel7.local:389} 5613a7ac00000
nsds50ruv: {replica 1275 ldap://ipa003.mgmt.prod.local:389} 56797be
nsds50ruv: {replica 1390 ldap://ipa002.mgmt.paas.local:389} 5787bb9
nsds50ruv: {replica 1595 ldap://ipa002.mgmt.paas.local:389} 5787db0
nsds50ruv: {replica 1590 ldap://ipa003.mgmt.paas.local:389} 5787e0f

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160719/a134d425/attachment.htm>