[Freeipa-users] nsds5ReplConflict / Replication issue!

Mark Reynolds mareynol at redhat.com
Fri May 6 21:02:09 UTC 2016 


On 05/06/2016 03:29 PM, Devin Acosta wrote:
>> I am running the latest FreeIPA on CentOS 7.2.
>>
>> I noticed I had a “nsds5ReplConflict” with an item, i tried to follow 
>> the webpage to rename and delete but that failed.
Is this the page you looked at:

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html

If it is the same process, what exactly failed?

Thanks,
Mark
>> I then tried to have ipa1-i2x reload from ipa01-aws instance, now now 
>> it seems to have gone maybe worse?
>> can you please advise how to get back to a healthy system. I 
>> initially added a system account as recommended so i could have say 
>> like Jira/Confluence do User searches against IDM.
>>
>> [dacosta at ipa1-i2x ~]$ ldapsearch -x -D "cn=directory manager" -w 
>> ‘password' -b "dc=rsinc,dc=local" "nsds5ReplConflict=*" \* 
>> nsds5ReplConflict
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=rsinc,dc=local> with scope subtree
>> # filter: nsds5ReplConflict=*
>> # requesting: * nsds5ReplConflict
>> #
>>
>> # 7ad08581-059911e6-b55c83a4-93228cdf + ldapsearch, sysaccounts, etc, 
>> rsinc.loc
>> al
>> dn: 
>> nsuniqueid=7ad08581-059911e6-b55c83a4-93228cdf+uid=ldapsearch,cn=sysaccoun
>> ts,cn=etc,dc=rsinc,dc=local
>> userPassword:: e1NTSEF9M3krdTh5TkdYV=
>> =
>> uid: ldapsearch
>> objectClass: account
>> objectClass: simplesecurityobject
>> objectClass: top
>> nsds5ReplConflict: namingConflict 
>> uid=ldapsearch,cn=sysaccounts,cn=etc,dc=rsin
>> c,dc=local
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>> [dacosta at ipa1-i2x ~]$ ./ipa_check_consistency -H "ipa1-i2x.local 
>> ipa01-aws.rsinc.local" -d RSINC.LOCAL
>> Directory Manager password:
>> FreeIPA servers: ipa1-i2x ipa01-aws STATE
>> ===================================================
>> Active Users ERROR 33 FAIL
>> Stage Users ERROR 0 FAIL
>> Preserved Users ERROR 0 FAIL
>> User Groups ERROR 7 FAIL
>> Hosts ERROR 82 FAIL
>> Host Groups ERROR 1 FAIL
>> HBAC Rules ERROR 2 FAIL
>> SUDO Rules ERROR 4 FAIL
>> DNS Zones ERROR 14 FAIL
>> LDAP Conflicts ERROR YES FAIL
>> Anonymous BIND ERROR on FAIL
>> Replication Status ipa02-aws 0
>> ipa1-i2x 0
>> ===================================================
>>
>>
>> [dacosta at ipa1-i2x ~]$ ipa-replica-manage list
>> ipa: WARNING: session memcached servers not running
>> ipa02-aws.rsinc.local: master
>> ipa01-aws.rsinc.local: master
>> ipa1-i2x.rsinc.local: master
>>
>>
>> Devin Acosta
>> Linux Certified Engineer
>> e: devin at linuxguru.co
>>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160506/e2bf651f/attachment.htm>

More information about the Freeipa-users mailing list