[Freeipa-users] Manual Cleanup
Ian Harding
ianh at brownpapertickets.com
Thu Mar 16 18:14:40 UTC 2017
I've made some progress. But I have one zombie replication agreement to
kill, I just don't know the syntax.
freeipa-dal.bpt.rocks does not exist. I want all references to it to go
away.
How would I do that with ldapmodify?
Thanks!
[root at freeipa-sea slapd-BPT-ROCKS]# ldapsearch -D "cn=directory
manager" -w ... -b "o=ipaca"
"(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
nscpentrywsi
# extended LDIF
#
# LDAPv3
# base <o=ipaca> with scope subtree
# filter:
(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))
# requesting: nscpentrywsi
#
# replica, o\3Dipaca, mapping tree, config
dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
nscpentrywsi: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
nscpentrywsi: cn: replica
nscpentrywsi: createTimestamp: 20160814234939Z
nscpentrywsi: creatorsName: cn=directory manager
nscpentrywsi: modifiersName: cn=Multimaster Replication
Plugin,cn=plugins,cn=c
onfig
nscpentrywsi: modifyTimestamp: 20170316181544Z
nscpentrywsi: nsDS5Flags: 1
nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager
cloneAgreement1-freei
pa-sea.bpt.rocks-pki-tomcat,ou=csusers,cn=config
nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager
masterAgreement1-free
ipa-dal.bpt.rocks-pki-tomcat,ou=csusers,cn=config
nscpentrywsi: nsDS5ReplicaBindDN: cn=Replication Manager
masterAgreement1-seat
tlenfs.bpt.rocks-pki-tomcat,ou=csusers,cn=config
nscpentrywsi: nsDS5ReplicaId: 1065
nscpentrywsi: nsDS5ReplicaName: b21a1f1e-627911e6-93e6ef4b-69dcc2d1
nscpentrywsi: nsDS5ReplicaRoot: o=ipaca
nscpentrywsi: nsDS5ReplicaType: 3
nscpentrywsi: nsState::
KQQAAAAAAABO1spYAAAAAAAAAAAAAAAAKgAAAAAAAAAAAAAAAAAAAA
==
nscpentrywsi: nsds5replicabinddngroup: cn=replication
managers,cn=sysaccounts,
cn=etc,dc=bpt,dc=rocks
nscpentrywsi: nsds5replicabinddngroupcheckinterval: 60
nscpentrywsi: objectClass: top
nscpentrywsi: objectClass: nsDS5Replica
nscpentrywsi: objectClass: extensibleobject
nscpentrywsi: numSubordinates: 2
nscpentrywsi: nsds50ruv: {replicageneration} 57c291d9000004290000
nscpentrywsi: nsds50ruv: {replica 1065 ldap://freeipa-sea.bpt.rocks:389}
57f84
0bf000004290000 58cad667000004290000
nscpentrywsi: nsds50ruv: {replica 1290 ldap://seattlenfs.bpt.rocks:389}
nscpentrywsi: nsds50ruv: {replica 1295 ldap://freeipa-dal.bpt.rocks:389}
nscpentrywsi: nsds5agmtmaxcsn:
o=ipaca;cloneAgreement1-freeipa-sea.bpt.rocks-p
ki-tomcat;seattlenfs.bpt.rocks;389;unavailable
nscpentrywsi: nsds5agmtmaxcsn:
o=ipaca;masterAgreement1-seattlenfs.bpt.rocks-p
ki-tomcat;seattlenfs.bpt.rocks;389;unavailable
nscpentrywsi: nsruvReplicaLastModified: {replica 1065
ldap://freeipa-sea.bpt.r
ocks:389} 58cad63d
nscpentrywsi: nsruvReplicaLastModified: {replica 1290
ldap://seattlenfs.bpt.ro
cks:389} 00000000
nscpentrywsi: nsruvReplicaLastModified: {replica 1295
ldap://freeipa-dal.bpt.r
ocks:389} 00000000
nscpentrywsi: nsds5ReplicaChangeCount: 15993
nscpentrywsi: nsds5replicareapactive: 0
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[root at freeipa-sea slapd-BPT-ROCKS]# ipa-csreplica-manage del
freeipa-dal.bpt.rocks --forceDirectory Manager password:
'freeipa-sea.bpt.rocks' has no replication agreement for
'freeipa-dal.bpt.rocks'
[root at freeipa-sea slapd-BPT-ROCKS]# ipa-replica-manage list
seattlenfs.bpt.rocks: master
freeipa-dal.bpt.rocks: master
freeipa-sea.bpt.rocks: master
[root at freeipa-sea slapd-BPT-ROCKS]# ipa-replica-manage list
freeipa-sea.bpt.rocks
seattlenfs.bpt.rocks: replica
[root at freeipa-sea slapd-BPT-ROCKS]# ipa-csreplica-manage list
Directory Manager password:
seattlenfs.bpt.rocks: master
freeipa-dal.bpt.rocks: CA not configured
freeipa-sea.bpt.rocks: master
More information about the Freeipa-users
mailing list