<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 09/26/2016 02:56 PM, Natxo Asenjo
wrote:<br>
</div>
<blockquote
cite="mid:CAHBEJzWeEWLNdzXDJz1RuKWvM1uFpLCWDod-UoKO5U37duhrpA@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Sep 26, 2016 at 1:54 PM,
            Natxo Asenjo <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:natxo.asenjo@gmail.com" target="_blank">natxo.asenjo@gmail.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex"><br>
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">
<div>
<div class="gmail-h5">On Mon, Sep 26, 2016 at 1:50
                        PM, Ludwig Krispenz <span dir="ltr">&lt;<a
                            moz-do-not-send="true"
                            href="mailto:lkrispen@redhat.com"
                            target="_blank">lkrispen@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<div>
<div> <br>
<div>On 09/26/2016 01:36 PM, Natxo
Asenjo wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<pre>And in my example, the replica id would be 66, 96, 71 and 97, correct?
</pre>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
no, I don't think so. you searched 2 times
the same host "-h <a moz-do-not-send="true"
href="http://kdc04.unix.iriszorg.nl"
target="_blank">kdc04.unix.iriszorg.nl</a>".
<br>
you need to search on kdc03 to find the
current replicaid of kdc03 and you have to
keep it.<span><br>
</span></div>
</blockquote>
<div><br>
<br>
</div>
</div>
</div>
<div bgcolor="#FFFFFF">yes, you are right :(<br>
<br>
$ ldapsearch -Z -h <a moz-do-not-send="true"
href="http://kdc03.unix.iriszorg.nl"
target="_blank">kdc03.unix.iriszorg.nl</a> -D
"cn=Directory Manager" -W -b "o=ipaca"
"(&(objectclass=nstombstone)(<wbr>nsUniqueId=ffffffff-ffffffff-<wbr>ffffffff-ffffffff))"
| grep "nsds50ruv\|nsDS5ReplicaId"<br>
Enter LDAP Password: <br>
nsDS5ReplicaId: 66<br>
nsds50ruv: {replicageneration}
50c1015c000000600000<span class="gmail-"><br>
nsds50ruv: {replica 66 <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a
moz-do-not-send="true"
href="http://kdc03.unix.iriszorg.nl:389"
target="_blank">kdc03.unix.iriszorg.nl:<wbr>389</a>}
57e23f66000000420000<br>
nsds50ruv: {replica 1095 <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a
moz-do-not-send="true"
href="http://kdc04.unix.iriszorg.nl:389"
target="_blank">kdc04.unix.iriszorg.nl:<wbr>389</a>}
57e4d75a0000044700<br>
nsds50ruv: {replica 96 <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a
moz-do-not-send="true"
href="http://kdc01.unix.iriszorg.nl:7389"
target="_blank">kdc01.unix.iriszorg.nl:<wbr>7389</a>}
50c1016c00000060000<br>
nsds50ruv: {replica 71 <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a
moz-do-not-send="true"
href="http://kdc03.unix.iriszorg.nl:389"
target="_blank">kdc03.unix.iriszorg.nl:<wbr>389</a>}
57e140c7000000470000<br>
nsds50ruv: {replica 97 <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a
moz-do-not-send="true"
href="http://kdc02.unix.iriszorg.nl:7389"
target="_blank">kdc02.unix.iriszorg.nl:<wbr>7389</a>}
50c1016800000061000<br>
<br>
<span><br>
</span></span></div>
<div bgcolor="#FFFFFF"><span>so I need to keep 66
and 1095, and run the task on 96, 71 and 97, it
would seem.<br>
<br>
</span></div>
<div bgcolor="#FFFFFF"><span>Thanks for spotting my
error.</span></div>
</div>
</div>
</div>
</blockquote>
<div><br>
<br>
</div>
<div>ok, so I have now run the commands against both ldap
hosts (the kdc03 and the kdc04), and now I have this:<br>
</div>
</div>
</div>
</div>
</blockquote>
you need to run it only against one host, it will propagate itself
to the other replicas, if it can - see below.<br>
<blockquote
cite="mid:CAHBEJzWeEWLNdzXDJz1RuKWvM1uFpLCWDod-UoKO5U37duhrpA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div><br>
# ldapsearch -Z -h <a moz-do-not-send="true"
href="http://kdc04.unix.iriszorg.nl">kdc04.unix.iriszorg.nl</a>
-D "cn=Directory Manager" -W -b "o=ipaca"
"(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
| grep "nsds50ruv\|nsDS5ReplicaId"<br>
Enter LDAP Password: <br>
nsDS5ReplicaId: 1095<br>
nsds50ruv: {replicageneration} 50c1015c000000600000<br>
nsds50ruv: {replica 1095 <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a moz-do-not-send="true"
href="http://kdc04.unix.iriszorg.nl:389">kdc04.unix.iriszorg.nl:389</a>}
57e4d75a0000044700<br>
nsds50ruv: {replica 66 <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a moz-do-not-send="true"
href="http://kdc03.unix.iriszorg.nl:389">kdc03.unix.iriszorg.nl:389</a>}
57e23f66000000420000<br>
<br>
# ldapsearch -Z -h <a moz-do-not-send="true"
href="http://kdc03.unix.iriszorg.nl">kdc03.unix.iriszorg.nl</a>
-D "cn=Directory Manager" -W -b "o=ipaca"
"(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
| grep "nsds50ruv\|nsDS5ReplicaId"<br>
Enter LDAP Password: <br>
nsDS5ReplicaId: 66<br>
nsds50ruv: {replicageneration} 50c1015c000000600000<br>
nsds50ruv: {replica 66 <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a moz-do-not-send="true"
href="http://kdc03.unix.iriszorg.nl:389">kdc03.unix.iriszorg.nl:389</a>}
57e23f66000000420000<br>
nsds50ruv: {replica 1095 <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a moz-do-not-send="true"
href="http://kdc04.unix.iriszorg.nl:389">kdc04.unix.iriszorg.nl:389</a>}
57e4d75a0000044700<br>
nsds50ruv: {replica 96 <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a moz-do-not-send="true"
href="http://kdc01.unix.iriszorg.nl:7389">kdc01.unix.iriszorg.nl:7389</a>}
50c1016c00000060000<br>
nsds50ruv: {replica 71 <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a moz-do-not-send="true"
href="http://kdc03.unix.iriszorg.nl:389">kdc03.unix.iriszorg.nl:389</a>}
57e140c7000000470000<br>
nsds50ruv: {replica 97 <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a moz-do-not-send="true"
href="http://kdc02.unix.iriszorg.nl:7389">kdc02.unix.iriszorg.nl:7389</a>}
50c1016800000061000<br>
<br>
</div>
<div>so the command has not been successful in the kdc03. in
the dirsrv errors log I see:<br>
<br>
[26/Sep/2016:14:50:54 +0200] NSMMReplicationPlugin -
CleanAllRUV Task (rid 71): Not all replicas online,
retrying in 640 seconds... <br>
</div>
</div>
</div>
</div>
</blockquote>
this looks like there is still a replication agreement to one of the
no longer existing servers.<br>
<br>
    can you search for ... -b "cn=config"
    "objectclass=nsds5replicationagreement"<br>
<br>
and remove the ones no longer needed.<br>
<blockquote
cite="mid:CAHBEJzWeEWLNdzXDJz1RuKWvM1uFpLCWDod-UoKO5U37duhrpA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div>[26/Sep/2016:14:51:00 +0200] slapi_ldap_bind - Error:
could not send startTLS request: error -1 (Can't contact
LDAP server) errno 107 (Transport endpoint is not
connected)<br>
<br>
</div>
<div>but those replicas are gone (decommissioned). So how
can I remove them?<br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
<blockquote
cite="mid:CAHBEJzWeEWLNdzXDJz1RuKWvM1uFpLCWDod-UoKO5U37duhrpA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div><br>
<br>
</div>
<div>-- <br>
</div>
<div>regards,<br>
</div>
<div>Natxo<br>
</div>
<div><br>
<br>
<br>
</div>
</div>
<br clear="all">
<br>
          <div class="gmail_signature">--<br>
            Regards,<br>
            natxo</div>
</div>
</div>
<br>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Red Hat GmbH, <a class="moz-txt-link-freetext" href="http://www.de.redhat.com/">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander</pre>
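<div>Added example (not part of the original thread, and not 389 Directory Server code): the check discussed above written in Python. It takes each live server's own nsDS5ReplicaId as the set of replica IDs to keep and reports every other replica ID still present in a RUV, so rid 71 is flagged even though it names kdc03. The names parse_ruv and stale_rids are illustrative, the sample input is constructed from the search results quoted in the thread (with one line folded the way LDIF folds long lines), and it assumes every live server's output is supplied.</div>

```python
import re

# One RUV element looks like: nsds50ruv: {replica RID ldap://host:port} CSNs
RUV_RE = re.compile(r"^nsds50ruv:\s*\{replica (\d+) ldap://([^:}\s]+):(\d+)\}", re.I)
RID_RE = re.compile(r"^nsDS5ReplicaId:\s*(\d+)\s*$", re.I)

# Constructed sample input: the two result sets quoted in the thread, with one
# line folded as LDIF output folds it (a continuation line starts with a space).
KDC03 = """\
nsDS5ReplicaId: 66
nsds50ruv: {replicageneration} 50c1015c000000600000
nsds50ruv: {replica 66 ldap://kdc03.unix.iriszorg.nl:389} 57e23f66000000420000
nsds50ruv: {replica 1095 ldap://kdc04.unix.iriszorg.nl:389} 57e4d75a0000044700
nsds50ruv: {replica 96 ldap://kdc01.unix.iriszorg.nl:7389} 50c1016c00000060000
nsds50ruv: {replica 71 ldap://kdc03.unix.iriszorg.nl:389} 57e140c7000000470000
nsds50ruv: {replica 97 ldap://kdc02.unix.iriszorg.nl
 :7389} 50c1016800000061000
"""
KDC04 = """\
nsDS5ReplicaId: 1095
nsds50ruv: {replicageneration} 50c1015c000000600000
nsds50ruv: {replica 1095 ldap://kdc04.unix.iriszorg.nl:389} 57e4d75a0000044700
nsds50ruv: {replica 66 ldap://kdc03.unix.iriszorg.nl:389} 57e23f66000000420000
"""

def parse_ruv(ldif):
    """Return (own_rid, {rid: "host:port"}) from one server's RUV tombstone output."""
    own_rid, ruv = None, {}
    # Unfold LDIF first: a newline followed by one space continues the line.
    for line in ldif.replace("\n ", "").splitlines():
        m = RID_RE.match(line)
        if m:
            own_rid = int(m.group(1))
        m = RUV_RE.match(line)
        if m:
            ruv[int(m.group(1))] = m.group(2) + ":" + m.group(3)
    return own_rid, ruv

def stale_rids(outputs):
    """outputs maps server name to its search output. Live RIDs are the values the
    servers report as their own nsDS5ReplicaId; any other RID in a RUV is stale."""
    parsed = {srv: parse_ruv(text) for srv, text in outputs.items()}
    live = {own for own, _ in parsed.values() if own is not None}
    return {srv: sorted(set(ruv) - live) for srv, (_, ruv) in parsed.items()}

if __name__ == "__main__":
    print(stale_rids({"kdc03": KDC03, "kdc04": KDC04}))
```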
</body>
</html>