[Freeipa-users] how to resolve replication conflicts

Tiemen Ruiten t.ruiten at rdmedia.com
Thu Feb 16 12:32:40 UTC 2017


Hello,

I have a FreeIPA setup in which some masters suffered from a few
uncontrolled shutdowns and now there are replication conflicts (which
prevent setting the Domain Level to 1).

I was trying to follow the instructions here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/ipa-replica-manage.html

But unfortunately I'm not getting anywhere. This is the result of an
ldapsearch for replication conflicts:


> [root@moscovium ~]# ldapsearch -x -D "cn=directory manager" -W -b
> "dc=ipa,dc=rdmedia,dc=com" "nsds5ReplConflict=*" \* nsds5ReplConflict
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=ipa,dc=rdmedia,dc=com> with scope subtree
> # filter: nsds5ReplConflict=*
> # requesting: * nsds5ReplConflict
> #
> # servers + 334bfc53-cdae11e6-8a85a70a-bda98fae, dns, ipa.rdmedia.com
> dn:
> cn=servers+nsuniqueid=334bfc53-cdae11e6-8a85a70a-bda98fae,cn=dns,dc=ipa,dc
>  =rdmedia,dc=com
> objectClass: nsContainer
> objectClass: top
> cn: servers
> nsds5ReplConflict: namingConflict
> cn=servers,cn=dns,dc=ipa,dc=rdmedia,dc=com
> # System: Add CA + 334bfbe5-cdae11e6-8a85a70a-bda98fae, permissions, pbac,
> ipa.
>  rdmedia.com
> dn: cn=System: Add
> CA+nsuniqueid=334bfbe5-cdae11e6-8a85a70a-bda98fae,cn=permis
>  sions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=ipaca)
> ipaPermRight: add
> ipaPermBindRuleType: permission
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Add CA
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermLocation: cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: add
> ca,cn=permissions,cn=pbac,dc=
>  ipa,dc=rdmedia,dc=com

> # System: Delete CA + 334bfbe9-cdae11e6-8a85a70a-bda98fae, permissions,
> pbac, i
>  pa.rdmedia.com
> dn: cn=System: Delete
> CA+nsuniqueid=334bfbe9-cdae11e6-8a85a70a-bda98fae,cn=per
>  missions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=ipaca)
> ipaPermRight: delete
> ipaPermBindRuleType: permission
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Delete CA
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermLocation: cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: delete
> ca,cn=permissions,cn=pbac,
>  dc=ipa,dc=rdmedia,dc=com
> # System: Modify CA + 334bfbed-cdae11e6-8a85a70a-bda98fae, permissions,
> pbac, i
>  pa.rdmedia.com
> dn: cn=System: Modify
> CA+nsuniqueid=334bfbed-cdae11e6-8a85a70a-bda98fae,cn=per
>  missions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=ipaca)
> ipaPermRight: write
> ipaPermBindRuleType: permission
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Modify CA
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermDefaultAttr: description
> ipaPermDefaultAttr: cn
> ipaPermLocation: cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: modify
> ca,cn=permissions,cn=pbac,
>  dc=ipa,dc=rdmedia,dc=com
> # System: Read CAs + 334bfbf1-cdae11e6-8a85a70a-bda98fae, permissions,
> pbac, ip
>  a.rdmedia.com
> dn: cn=System: Read
> CAs+nsuniqueid=334bfbf1-cdae11e6-8a85a70a-bda98fae,cn=perm
>  issions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=ipaca)
> ipaPermRight: read
> ipaPermRight: compare
> ipaPermRight: search
> ipaPermBindRuleType: all
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Read CAs
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> ipaPermDefaultAttr: description
> ipaPermDefaultAttr: ipacaissuerdn
> ipaPermDefaultAttr: objectclass
> ipaPermDefaultAttr: ipacasubjectdn
> ipaPermDefaultAttr: ipacaid
> ipaPermDefaultAttr: cn
> ipaPermLocation: cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: read
> cas,cn=permissions,cn=pbac,d
>  c=ipa,dc=rdmedia,dc=com
> # System: Modify DNS Servers Configuration +
> 334bfbf6-cdae11e6-8a85a70a-bda98fa
>  e, permissions, pbac, ipa.rdmedia.com
> dn: cn=System: Modify DNS Servers
> Configuration+nsuniqueid=334bfbf6-cdae11e6-8
>  a85a70a-bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
> ipaPermRight: write
> ipaPermBindRuleType: permission
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Modify DNS Servers Configuration
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> member: cn=DNS
> Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermDefaultAttr: idnssoamname
> ipaPermDefaultAttr: idnssubstitutionvariable
> ipaPermDefaultAttr: idnsforwardpolicy
> ipaPermDefaultAttr: idnsforwarders
> ipaPermLocation: dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: modify dns servers
> configuration,
>  cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> # System: Read DNS Servers Configuration +
> 334bfbfa-cdae11e6-8a85a70a-bda98fae,
>   permissions, pbac, ipa.rdmedia.com
> dn: cn=System: Read DNS Servers
> Configuration+nsuniqueid=334bfbfa-cdae11e6-8a8
>  5a70a-bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
> ipaPermRight: read
> ipaPermRight: compare
> ipaPermRight: search
> ipaPermBindRuleType: permission
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Read DNS Servers Configuration
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> member: cn=DNS
> Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> member: cn=DNS Servers,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermDefaultAttr: idnsforwardpolicy
> ipaPermDefaultAttr: objectclass
> ipaPermDefaultAttr: idnsforwarders
> ipaPermDefaultAttr: idnsserverid
> ipaPermDefaultAttr: idnssubstitutionvariable
> ipaPermDefaultAttr: idnssoamname
> ipaPermLocation: dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: read dns servers
> configuration,cn
>  =permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> # System: Manage Host Principals + 334bfc0b-cdae11e6-8a85a70a-bda98fae,
> permiss
>  ions, pbac, ipa.rdmedia.com
> dn: cn=System: Manage Host
> Principals+nsuniqueid=334bfc0b-cdae11e6-8a85a70a-bd
>  a98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=ipahost)
> ipaPermRight: write
> ipaPermBindRuleType: permission
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Manage Host Principals
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> member: cn=Host
> Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermDefaultAttr: krbprincipalname
> ipaPermDefaultAttr: krbcanonicalname
> ipaPermLocation: cn=computers,cn=accounts,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: manage host
> principals,cn=permiss
>  ions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> # System: Add IPA Locations + 334bfc20-cdae11e6-8a85a70a-bda98fae,
> permissions,
>   pbac, ipa.rdmedia.com
> dn: cn=System: Add IPA
> Locations+nsuniqueid=334bfc20-cdae11e6-8a85a70a-bda98fa
>  e,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=ipaLocationObject)
> ipaPermRight: add
> ipaPermBindRuleType: permission
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Add IPA Locations
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> member: cn=DNS
> Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermLocation: cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: add ipa
> locations,cn=permissions,
>  cn=pbac,dc=ipa,dc=rdmedia,dc=com
> # System: Modify IPA Locations + 334bfc24-cdae11e6-8a85a70a-bda98fae,
> permissio
>  ns, pbac, ipa.rdmedia.com
> dn: cn=System: Modify IPA
> Locations+nsuniqueid=334bfc24-cdae11e6-8a85a70a-bda9
>  8fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=ipaLocationObject)
> ipaPermRight: write
> ipaPermBindRuleType: permission
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Modify IPA Locations
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> member: cn=DNS
> Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermDefaultAttr: description
> ipaPermLocation: cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: modify ipa
> locations,cn=permissio
>  ns,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> # System: Read IPA Locations + 334bfc28-cdae11e6-8a85a70a-bda98fae,
> permissions
>  , pbac, ipa.rdmedia.com
> dn: cn=System: Read IPA
> Locations+nsuniqueid=334bfc28-cdae11e6-8a85a70a-bda98f
>  ae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=ipaLocationObject)
> ipaPermRight: read
> ipaPermRight: compare
> ipaPermRight: search
> ipaPermBindRuleType: permission
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Read IPA Locations
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> member: cn=DNS
> Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermDefaultAttr: objectclass
> ipaPermDefaultAttr: description
> ipaPermDefaultAttr: idnsname
> ipaPermLocation: cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: read ipa
> locations,cn=permissions
>  ,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> # System: Remove IPA Locations + 334bfc2c-cdae11e6-8a85a70a-bda98fae,
> permissio
>  ns, pbac, ipa.rdmedia.com
> dn: cn=System: Remove IPA
> Locations+nsuniqueid=334bfc2c-cdae11e6-8a85a70a-bda9
>  8fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=ipaLocationObject)
> ipaPermRight: delete
> ipaPermBindRuleType: permission
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Remove IPA Locations
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> member: cn=DNS
> Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermLocation: cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: remove ipa
> locations,cn=permissio
>  ns,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> # System: Read Locations of IPA Servers +
> 334bfc30-cdae11e6-8a85a70a-bda98fae,
>  permissions, pbac, ipa.rdmedia.com
> dn: cn=System: Read Locations of IPA
> Servers+nsuniqueid=334bfc30-cdae11e6-8a85
>  a70a-bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=ipaConfigObject)
> ipaPermRight: read
> ipaPermRight: compare
> ipaPermRight: search
> ipaPermBindRuleType: permission
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Read Locations of IPA Servers
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> member: cn=DNS
> Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermDefaultAttr: objectclass
> ipaPermDefaultAttr: ipaserviceweight
> ipaPermDefaultAttr: ipalocation
> ipaPermDefaultAttr: cn
> ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: read locations of ipa
> servers,cn=
>  permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> # System: Read Status of Services on IPA Servers +
> 334bfc34-cdae11e6-8a85a70a-b
>  da98fae, permissions, pbac, ipa.rdmedia.com
> dn: cn=System: Read Status of Services on IPA
> Servers+nsuniqueid=334bfc34-cdae
>  11e6-8a85a70a-bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=ipaConfigObject)
> ipaPermRight: read
> ipaPermRight: compare
> ipaPermRight: search
> ipaPermBindRuleType: permission
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Read Status of Services on IPA Servers
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> member: cn=DNS
> Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermDefaultAttr: objectclass
> ipaPermDefaultAttr: ipaconfigstring
> ipaPermDefaultAttr: cn
> ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: read status of services on
> ipa se
>  rvers,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> # System: Manage Service Principals + 334bfc38-cdae11e6-8a85a70a-bda98fae,
> perm
>  issions, pbac, ipa.rdmedia.com
> dn: cn=System: Manage Service
> Principals+nsuniqueid=334bfc38-cdae11e6-8a85a70a
>  -bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=ipaservice)
> ipaPermRight: write
> ipaPermBindRuleType: permission
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Manage Service Principals
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> member: cn=Service
> Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=c
>  om
> ipaPermDefaultAttr: krbprincipalname
> ipaPermDefaultAttr: krbcanonicalname
> ipaPermLocation: cn=services,cn=accounts,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: manage service
> principals,cn=perm
>  issions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> # System: Manage User Principals + 334bfc45-cdae11e6-8a85a70a-bda98fae,
> permiss
>  ions, pbac, ipa.rdmedia.com
> dn: cn=System: Manage User
> Principals+nsuniqueid=334bfc45-cdae11e6-8a85a70a-bd
>  a98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> ipaPermTargetFilter: (objectclass=posixaccount)
> ipaPermRight: write
> ipaPermBindRuleType: permission
> ipaPermissionType: V2
> ipaPermissionType: MANAGED
> ipaPermissionType: SYSTEM
> cn: System: Manage User Principals
> objectClass: ipapermission
> objectClass: top
> objectClass: groupofnames
> objectClass: ipapermissionv2
> member: cn=User
> Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> member: cn=Modify Users and Reset
> passwords,cn=privileges,cn=pbac,dc=ipa,dc=rd
>  media,dc=com
> ipaPermDefaultAttr: krbprincipalname
> ipaPermDefaultAttr: krbcanonicalname
> ipaPermLocation: cn=users,cn=accounts,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict cn=system: manage user
> principals,cn=permiss
>  ions,cn=pbac,dc=ipa,dc=rdmedia,dc=com
> # locations + 334bfba2-cdae11e6-8a85a70a-bda98fae, etc, ipa.rdmedia.com
> dn:
> cn=locations+nsuniqueid=334bfba2-cdae11e6-8a85a70a-bda98fae,cn=etc,dc=ipa,
>  dc=rdmedia,dc=com
> objectClass: nsContainer
> objectClass: top
> cn: locations
> nsds5ReplConflict: namingConflict
> cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com
> aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl
> "permi
>  ssion:System: Add IPA Locations";allow (add) groupdn =
> "ldap:///cn=System: Ad
>  d IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com";)
> aci: (targetattr = "description")(targetfilter =
> "(objectclass=ipaLocationObje
>  ct)")(version 3.0;acl "permission:System: Modify IPA Locations";allow
> (write)
>   groupdn = "ldap:///cn=System: Modify IPA
> Locations,cn=permissions,cn=pbac,dc
>  =ipa,dc=rdmedia,dc=com";)
> aci: (targetattr = "createtimestamp || description || entryusn || idnsname
> ||
>  modifytimestamp || objectclass")(targetfilter =
> "(objectclass=ipaLocationObje
>  ct)")(version 3.0;acl "permission:System: Read IPA Locations";allow
> (compare,
>  read,search) groupdn = "ldap:///cn=System: Read IPA
> Locations,cn=permissions,
>  cn=pbac,dc=ipa,dc=rdmedia,dc=com";)
> aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl
> "permi
>  ssion:System: Remove IPA Locations";allow (delete) groupdn =
> "ldap:///cn=Syst
>  em: Remove IPA
> Locations,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com";)
> # neon.ipa.rdmedia.com + 1b780d06-017611e6-966aeb96-de53d9d8, computers,
> accoun
>  ts, ipa.rdmedia.com
> dn: fqdn=neon.ipa.rdmedia.com
> +nsuniqueid=1b780d06-017611e6-966aeb96-de53d9d8,c
>  n=computers,cn=accounts,dc=ipa,dc=rdmedia,dc=com
> krbExtraData::
> AAJIQA5XaG9zdC9uZW9uLmlwYS5yZG1lZGlhLmNvbUBJUEEuUkRNRURJQS5DT00
>  A
> enrolledBy: uid=admin,cn=users,cn=accounts,dc=ipa,dc=rdmedia,dc=com
> krbLastPwdChange: 20160413124912Z
> cn: neon.ipa.rdmedia.com
> objectClass: ipaobject
> objectClass: ieee802device
> objectClass: nshost
> objectClass: ipaservice
> objectClass: pkiuser
> objectClass: ipahost
> objectClass: krbprincipal
> objectClass: krbprincipalaux
> objectClass: ipasshhost
> objectClass: top
> objectClass: ipaSshGroupOfPubKeys
> fqdn: neon.ipa.rdmedia.com
> managedBy: fqdn=neon.ipa.rdmedia.com
> ,cn=computers,cn=accounts,dc=ipa,dc=rdmedi
>  a,dc=com
> krbPrincipalName: host/neon.ipa.rdmedia.com@IPA.RDMEDIA.COM
> serverHostName: neon
> ipaUniqueID: 1eaa355c-0176-11e6-8dd5-001a4aa7101c
> krbPwdPolicyReference: cn=Default Host Password
> Policy,cn=computers,cn=account
>  s,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplConflict: namingConflict fqdn=neon.ipa.rdmedia.com
> ,cn=computers,cn=ac
>  counts,dc=ipa,dc=rdmedia,dc=com
> # cas + 334bfba8-cdae11e6-8a85a70a-bda98fae, ca, ipa.rdmedia.com
> dn:
> cn=cas+nsuniqueid=334bfba8-cdae11e6-8a85a70a-bda98fae,cn=ca,dc=ipa,dc=rdme
>  dia,dc=com
> objectClass: nsContainer
> objectClass: top
> cn: cas
> nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com
> aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
> "permission:System
>  : Add CA";allow (add) groupdn = "ldap:///cn=System: Add
> CA,cn=permissions,cn=
>  pbac,dc=ipa,dc=rdmedia,dc=com";)
> aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
> "permission:System
>  : Delete CA";allow (delete) groupdn = "ldap:///cn=System: Delete
> CA,cn=permis
>  sions,cn=pbac,dc=ipa,dc=rdmedia,dc=com";)
> aci: (targetattr = "cn || description")(targetfilter =
> "(objectclass=ipaca)")(
>  version 3.0;acl "permission:System: Modify CA";allow (write) groupdn =
> "ldap:
>  ///cn=System: Modify CA,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com";)
> aci: (targetattr = "cn || createtimestamp || description || entryusn ||
> ipacai
>  d || ipacaissuerdn || ipacasubjectdn || modifytimestamp ||
> objectclass")(targ
>  etfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System:
> Read CA
>  s";allow (compare,read,search) userdn = "ldap:///all";)
> # custodia + 334bfbdb-cdae11e6-8a85a70a-bda98fae, ipa, etc,
> ipa.rdmedia.com
> dn:
> cn=custodia+nsuniqueid=334bfbdb-cdae11e6-8a85a70a-bda98fae,cn=ipa,cn=etc,d
>  c=ipa,dc=rdmedia,dc=com
> objectClass: nsContainer
> objectClass: top
> cn: custodia
> nsds5ReplConflict: namingConflict
> cn=custodia,cn=ipa,cn=etc,dc=ipa,dc=rdmedia,
>  dc=com
> # domain + 334bfb9e-cdae11e6-8a85a70a-bda98fae, topology, ipa, etc,
> ipa.rdmedia
>  .com
> dn:
> cn=domain+nsuniqueid=334bfb9e-cdae11e6-8a85a70a-bda98fae,cn=topology,cn=ip
>  a,cn=etc,dc=ipa,dc=rdmedia,dc=com
> nsds5ReplicaStripAttrs: modifiersName modifyTimestamp
> internalModifiersName in
>  ternalModifyTimestamp
> ipaReplTopoConfRoot: dc=ipa,dc=rdmedia,dc=com
> objectClass: top
> objectClass: iparepltopoconf
> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn
> krblasts
>  uccessfulauth krblastfailedauth krbloginfailedcount
> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof
> idnssoaserial
>   entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
> cn: domain
> nsds5ReplConflict: namingConflict
> cn=domain,cn=topology,cn=ipa,cn=etc,dc=ipa,d
>  c=rdmedia,dc=com
> # ca + 334bfbe0-cdae11e6-8a85a70a-bda98fae, topology, ipa, etc,
> ipa.rdmedia.com
> dn:
> cn=ca+nsuniqueid=334bfbe0-cdae11e6-8a85a70a-bda98fae,cn=topology,cn=ipa,cn
>  =etc,dc=ipa,dc=rdmedia,dc=com
> objectClass: top
> objectClass: iparepltopoconf
> cn: ca
> ipaReplTopoConfRoot: o=ipaca
> nsds5ReplConflict: namingConflict
> cn=ca,cn=topology,cn=ipa,cn=etc,dc=ipa,dc=rd
>  media,dc=com
> # dogtag + 334bfbdd-cdae11e6-8a85a70a-bda98fae, custodia +
> 334bfbdb-cdae11e6-8a
>  85a70a-bda98fae, ipa, etc, ipa.rdmedia.com
> dn:
> cn=dogtag+nsuniqueid=334bfbdd-cdae11e6-8a85a70a-bda98fae,cn=custodia+nsuni
>
>  queid=334bfbdb-cdae11e6-8a85a70a-bda98fae,cn=ipa,cn=etc,dc=ipa,dc=rdmedia,dc=
>  com
> objectClass: nsContainer
> objectClass: top
> cn: dogtag
> nsds5ReplConflict: namingConflict
> cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=ipa,d
>  c=rdmedia,dc=com
> # lawrencium + 6c7e3d83-c11711e6-8a85a70a-bda98fae, ipa.rdmedia.com.,
> dns, ipa.
>  rdmedia.com
> dn:
> idnsName=lawrencium+nsuniqueid=6c7e3d83-c11711e6-8a85a70a-bda98fae,idnsnam
>  e=ipa.rdmedia.com.,cn=dns,dc=ipa,dc=rdmedia,dc=com
> aRecord: 192.168.50.55
> dNSTTL: 1200
> objectClass: idnsRecord
> objectClass: top
> idnsName: lawrencium
> nsds5ReplConflict: namingConflict idnsname=lawrencium,idnsname=
> ipa.rdmedia.com
>  .,cn=dns,dc=ipa,dc=rdmedia,dc=com
> # mendelevium + e5710f85-c5c511e6-8a85a70a-bda98fae, ipa.rdmedia.com.,
> dns, ipa
>  .rdmedia.com
> dn:
> idnsName=mendelevium+nsuniqueid=e5710f85-c5c511e6-8a85a70a-bda98fae,idnsna
>  me=ipa.rdmedia.com.,cn=dns,dc=ipa,dc=rdmedia,dc=com
> aRecord: 192.168.50.52
> dNSTTL: 1200
> objectClass: idnsRecord
> objectClass: top
> idnsName: mendelevium
> nsds5ReplConflict: namingConflict idnsname=mendelevium,idnsname=
> ipa.rdmedia.co
>  m.,cn=dns,dc=ipa,dc=rdmedia,dc=com
> # 41 + e764de07-5e2f11e6-bd76eb96-de53d9d8, 120.100.10.in-addr.arpa., dns,
> ipa.
>  rdmedia.com
> dn:
> idnsname=41+nsuniqueid=e764de07-5e2f11e6-bd76eb96-de53d9d8,idnsname=120.10
>  0.10.in-addr.arpa.,cn=dns,dc=ipa,dc=rdmedia,dc=com
> objectClass: top
> objectClass: idnsrecord
> pTRRecord: arsenica.ipa.rdmedia.com.
> idnsName: 41
> nsds5ReplConflict: namingConflict
> idnsname=41,idnsname=120.100.10.in-addr.arpa
>  .,cn=dns,dc=ipa,dc=rdmedia,dc=com
> # ipa + 58d90aec-cdae11e6-8a85a70a-bda98fae, cas +
> 334bfba8-cdae11e6-8a85a70a-b
>  da98fae, ca, ipa.rdmedia.com
> dn:
> cn=ipa+nsuniqueid=58d90aec-cdae11e6-8a85a70a-bda98fae,cn=cas+nsuniqueid=33
>  4bfba8-cdae11e6-8a85a70a-bda98fae,cn=ca,dc=ipa,dc=rdmedia,dc=com
> description: IPA CA
> ipaCaIssuerDN: CN=Certificate Authority,O=IPA.RDMEDIA.COM
> objectClass: top
> objectClass: ipaca
> ipaCaSubjectDN: CN=Certificate Authority,O=IPA.RDMEDIA.COM
> ipaCaId: 21547c03-13c3-4f4f-992b-b0257012d1c1
> cn: ipa
> nsds5ReplConflict: namingConflict
> cn=ipa,cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com
> # search result
> search: 2
> result: 0 Success
> # numResponses: 28
> # numEntries: 27


So when I try e.g. this...

> [root@moscovium ~]# ldapmodify -x -D "cn=directory manager" -W -h
> moscovium.ipa.rdmedia.com -p 389
> Enter LDAP Password:
> dn: fqdn=neon.ipa.rdmedia.com
> +nsuniqueid=1b780d06-017611e6-966aeb96-de53d9d8,c
>  n=computers,cn=accounts,dc=ipa,dc=rdmedia,dc=com
> changetype: modrdn
> newrdn fqdn=neontemp.ipa.rdmedia.com
> deleteoldrdn: 0


...I get:

ldapmodify: invalid format (line 3) entry: "fqdn=neon.ipa.rdmedia.com
> +nsuniqueid=1b780d06-017611e6-966aeb96-de53d9d8,cn=computers,cn=accounts,dc=ipa,dc=rdmedia,dc=com"


So my question: what can I do to resolve the conflicts?

-- 
Tiemen Ruiten
Systems Engineer
R&D Media
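
Added example, not part of the original post: a Python check that unfolds LDIF (RFC 2849 continuation lines), lists the entries carrying nsds5ReplConflict, and verifies that every line of a change record has the `attr: value` form. The function names are illustrative and the sample input is constructed from values in the post; on the record as typed above, the `newrdn` line has no colon after the attribute name and is reported as logical line 3.

```python
import base64
import re

# attribute name, ':' (or '::' for base64), optional spaces, value
LINE_RE = re.compile(r"^([A-Za-z][A-Za-z0-9;.-]*)(::?)[ ]*(.*)$")

def unfold(text):
    """Join RFC 2849 continuation lines (one leading space) to the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(text):
    """Return one {attr: [values]} dict per entry; attribute names are lowercased."""
    entries, current = [], {}
    for line in unfold(text) + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():            # blank line ends the current entry
            if current:
                entries.append(current)
                current = {}
            continue
        match = LINE_RE.match(line)
        if not match:
            raise ValueError(f"not an LDIF attribute line: {line!r}")
        attr, sep, value = match.groups()
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8", "replace")
        current.setdefault(attr.lower(), []).append(value)
    return entries

def conflict_entries(text):
    """List (conflict_dn, colliding_dn) for entries carrying nsds5ReplConflict."""
    found = []
    for entry in parse_entries(text):
        for value in entry.get("nsds5replconflict", []):
            kind, _, original = value.partition(" ")
            if kind == "namingConflict":
                found.append((entry["dn"][0], original))
    return found

def lint_change_record(text):
    """Return (logical_line_number, line) for each line that is not 'attr: value'."""
    bad = []
    for number, line in enumerate(unfold(text), start=1):
        if line and not line.startswith("#") and not LINE_RE.match(line):
            bad.append((number, line))
    return bad

# Constructed input: two entries in the style of the ldapsearch output in the
# post, with the blank separator lines and folding that ldapsearch emits.
SEARCH_OUTPUT = """\
# cas + 334bfba8-cdae11e6-8a85a70a-bda98fae, ca, ipa.rdmedia.com
dn: cn=cas+nsuniqueid=334bfba8-cdae11e6-8a85a70a-bda98fae,cn=ca,dc=ipa,dc=rdme
 dia,dc=com
objectClass: nsContainer
cn: cas
nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com

dn: cn=custodia+nsuniqueid=334bfbdb-cdae11e6-8a85a70a-bda98fae,cn=ipa,cn=etc,d
 c=ipa,dc=rdmedia,dc=com
cn: custodia
nsds5ReplConflict: namingConflict cn=custodia,cn=ipa,cn=etc,dc=ipa,dc=rdmedia,
 dc=com
"""

# The change record as typed in the post, with the DN folded RFC 2849 style.
CHANGE_RECORD = """\
dn: fqdn=neon.ipa.rdmedia.com+nsuniqueid=1b780d06-017611e6-966aeb96-de53d9d8,c
 n=computers,cn=accounts,dc=ipa,dc=rdmedia,dc=com
changetype: modrdn
newrdn fqdn=neontemp.ipa.rdmedia.com
deleteoldrdn: 0
"""

if __name__ == "__main__":
    for conflict_dn, original_dn in conflict_entries(SEARCH_OUTPUT):
        print(f"{conflict_dn}\n    collides with {original_dn}")
    for number, line in lint_change_record(CHANGE_RECORD):
        print(f"line {number} is not 'attr: value': {line!r}")
```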