[Freeipa-users] nsds5ReplConflict / Replication issue!

Devin Acosta devin at pabstatencio.com
Fri May 6 19:29:26 UTC 2016 

> I am running the latest FreeIPA on CentOS 7.2.
>
> I noticed I had a “nsds5ReplConflict” with an item, i tried to follow 
> the webpage to rename and delete but that failed. I then tried to have 
> ipa1-i2x reload from ipa01-aws instance, now now it seems to have gone 
> maybe worse?
> can you please advise how to get back to a healthy system. I initially 
> added a system account as recommended so i could have say like 
> Jira/Confluence do User searches against IDM.
>
> [dacosta at ipa1-i2x ~]$ ldapsearch -x -D "cn=directory manager" -w 
> ‘password' -b "dc=rsinc,dc=local" "nsds5ReplConflict=*" \* 
> nsds5ReplConflict
> # extended LDIF
> #
> # LDAPv3
> # base <dc=rsinc,dc=local> with scope subtree
> # filter: nsds5ReplConflict=*
> # requesting: * nsds5ReplConflict
> #
>
> # 7ad08581-059911e6-b55c83a4-93228cdf + ldapsearch, sysaccounts, etc, 
> rsinc.loc
> al
> dn: 
> nsuniqueid=7ad08581-059911e6-b55c83a4-93228cdf+uid=ldapsearch,cn=sysaccoun 
>
> ts,cn=etc,dc=rsinc,dc=local
> userPassword:: e1NTSEF9M3krdTh5TkdYV=
> =
> uid: ldapsearch
> objectClass: account
> objectClass: simplesecurityobject
> objectClass: top
> nsds5ReplConflict: namingConflict 
> uid=ldapsearch,cn=sysaccounts,cn=etc,dc=rsin
> c,dc=local
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> [dacosta at ipa1-i2x ~]$ ./ipa_check_consistency -H "ipa1-i2x.local 
> ipa01-aws.rsinc.local" -d RSINC.LOCAL
> Directory Manager password:
> FreeIPA servers: ipa1-i2x ipa01-aws STATE
> ===================================================
> Active Users ERROR 33 FAIL
> Stage Users ERROR 0 FAIL
> Preserved Users ERROR 0 FAIL
> User Groups ERROR 7 FAIL
> Hosts ERROR 82 FAIL
> Host Groups ERROR 1 FAIL
> HBAC Rules ERROR 2 FAIL
> SUDO Rules ERROR 4 FAIL
> DNS Zones ERROR 14 FAIL
> LDAP Conflicts ERROR YES FAIL
> Anonymous BIND ERROR on FAIL
> Replication Status ipa02-aws 0
> ipa1-i2x 0
> ===================================================
>
>
> [dacosta at ipa1-i2x ~]$ ipa-replica-manage list
> ipa: WARNING: session memcached servers not running
> ipa02-aws.rsinc.local: master
> ipa01-aws.rsinc.local: master
> ipa1-i2x.rsinc.local: master
>
>
> Devin Acosta
> Linux Certified Engineer
> e: devin at linuxguru.co
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160506/1b1ef55f/attachment.htm>

More information about the Freeipa-users mailing list