[Freeipa-users] Replica without CA: implications?
Cal Sawyer
cal-s at blue-bolt.com
Wed Jun 8 11:36:53 UTC 2016
Thanks very much for this, Petr.
[08/Jun/2016:12:28:42 +0100] NSMMReplicationPlugin - CleanAllRUV Task
(rid 8): Successfully cleaned rid(8).
on master and all replicas. Voila - all error logs are now quiet
Cal Sawyer | Systems Engineer | BlueBolt Ltd
15-16 Margaret Street | London W1W 8RW
+44 (0)20 7637 5575 | www.blue-bolt.com
On 08/06/16 11:55, Petr Vobornik wrote:
> On 06/08/2016 11:15 AM, Cal Sawyer wrote:
>> In /var/log/dirsrv/slapd-LOCALDOMAIN-LOCAL/errors on all IPA
>> master/replicas:, there's a multitude of these messages. There are no
>> other error messages and replication, from viewing access log, appears
>> to be working
>>
>> [08/Jun/2016:10:06:08 +0100] attrlist_replace - attr_replace
>> (nsslapd-referral,
>> ldap://ipa.localdomain.local:389/dc%3Dlocaldomain%2Cdc%3Dlocal) failed.
>>
>>> ipa-replica-manage list-ruv
>> ipa.localdomain.local:389: 4
>> ipa4.localdomain.local:389: 28
>> ipa2.localdomain.local:389: 17
>> ipa3.localdomain.local:389: 29
>> ipa2.localdomain.local:389: 8
>>
>> This is correct, yes?
>>
>> - c sawyer
>>
> one of(probably 8):
> ipa2.localdomain.local:389: 17
> ipa2.localdomain.local:389: 8
>
> is incorrect.
>
> https://www.freeipa.org/page/Troubleshooting#Obsolete_RUV_records
>
> You need to identify which one is INCORRECT and then run
> ipa-replica-manage clean-ruv $incorrect command.
>
> The CORRECT one can identified with:
>
> ldapsearch -ZZ -h ipa2.localdomain.local -D "cn=Directory Manager" -W -b
> "dc=localdomain,dc=local"
> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
> | grep "nsDS5ReplicaId"
>
>
More information about the Freeipa-users
mailing list