[Freeipa-users] be_pam_handler_callback Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
Ludwig
lkrispen at redhat.com
Wed Jan 25 13:41:14 UTC 2017
On 01/25/2017 12:44 PM, Harald Dunkel wrote:
> Hi Thierry,
>
> On 01/24/17 17:56, thierry bordaz wrote:
>>
>> On 01/24/2017 04:18 PM, Harald Dunkel wrote:
>>> Would you suggest to disconnect ipabak from the network and ipa1,
>>> cleanup the mess as far as possible, and then connect ipabak
>>> to the network again to rely upon the regular replica synchroni-
>>> zation?
>> Yes, as soon as ipaback is in sync with ipa1 and you took a snapshot of ipaback, I think you can disconnect ipaback and run your script on it (iterating with the snapshot).
>>
> My concern is that I will run into new conflicts on connecting
> the modified ipaback back with ipa1?
conflict entries are only created if you do the same operation in
parallel on different replicas. Once existing they behave like normal
entries (only with special dns), eg if you delete it on one replica the
delete will be replicated to the other replicas - either immediately if
they are connected or later when they will be connected again.
I think what Thierry is suggesting is, that if you make mistakes in your
cleanup these mistakes would also be replicated immediately if every
replcia is connected, so disconnecting allows you to do a backup and
then try the cleanup and when successful connect agai and have the
cleanup operations replicated.
>
>
> Regards
> Harri
>
More information about the Freeipa-users
mailing list