<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 26, 2016 at 1:54 PM, Natxo Asenjo <span dir="ltr"><<a href="mailto:natxo.asenjo@gmail.com" target="_blank">natxo.asenjo@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="gmail-h5">On Mon, Sep 26, 2016 at 1:50 PM, Ludwig Krispenz <span dir="ltr"><<a href="mailto:lkrispen@redhat.com" target="_blank">lkrispen@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#FFFFFF"><div><div> <br> <div>On 09/26/2016 01:36 PM, Natxo Asenjo wrote:<br> </div> <blockquote type="cite"> <div dir="ltr"> <div><div><div><div><div><div><div><div><div> <pre>And in my example, the replica id would be 66, 96, 71 and 97, correct? </pre> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </blockquote></div></div> no, I don't think so. you searched 2 times the same host "-h <a href="http://kdc04.unix.iriszorg.nl" target="_blank">kdc04.unix.iriszorg.nl</a>". <br> you need to search on kdc03 to find the current replicaid of kdc03 and you have to keep it.<span><br></span></div></blockquote><div><br><br></div></div></div><div bgcolor="#FFFFFF">yes, you are right :(<br><br> $ ldapsearch -Z -h <a href="http://kdc03.unix.iriszorg.nl" target="_blank">kdc03.unix.iriszorg.nl</a> -D "cn=Directory Manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(<wbr>nsUniqueId=ffffffff-ffffffff-<wbr>ffffffff-ffffffff))" | grep "nsds50ruv\|nsDS5ReplicaId"<br>Enter LDAP Password: <br>nsDS5ReplicaId: 66<br>nsds50ruv: {replicageneration} 50c1015c000000600000<span class="gmail-"><br>nsds50ruv: {replica 66 ldap://<a href="http://kdc03.unix.iriszorg.nl:389" target="_blank">kdc03.unix.iriszorg.nl:<wbr>389</a>} 57e23f66000000420000<br>nsds50ruv: {replica 1095 ldap://<a href="http://kdc04.unix.iriszorg.nl:389" target="_blank">kdc04.unix.iriszorg.nl:<wbr>389</a>} 57e4d75a0000044700<br>nsds50ruv: {replica 96 ldap://<a href="http://kdc01.unix.iriszorg.nl:7389" target="_blank">kdc01.unix.iriszorg.nl:<wbr>7389</a>} 50c1016c00000060000<br>nsds50ruv: {replica 71 ldap://<a href="http://kdc03.unix.iriszorg.nl:389" target="_blank">kdc03.unix.iriszorg.nl:<wbr>389</a>} 57e140c7000000470000<br>nsds50ruv: {replica 97 ldap://<a href="http://kdc02.unix.iriszorg.nl:7389" target="_blank">kdc02.unix.iriszorg.nl:<wbr>7389</a>} 50c1016800000061000<br><br><span><br></span></span></div><div bgcolor="#FFFFFF"><span>so I need to keep 66 and 1095, and run the task on 96, 71 and 97, it would seem.<br><br></span></div><div bgcolor="#FFFFFF"><span>Thanks for spotting my error.</span></div></div></div></div></blockquote><div><br><br></div><div>ok, so I have now run the commands against both ldap hosts (the kdc03 and the kdc04), and now I have this:<br><br> # ldapsearch -Z -h <a href="http://kdc04.unix.iriszorg.nl">kdc04.unix.iriszorg.nl</a> -D "cn=Directory Manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" | grep "nsds50ruv\|nsDS5ReplicaId"<br>Enter LDAP Password: <br>nsDS5ReplicaId: 1095<br>nsds50ruv: {replicageneration} 50c1015c000000600000<br>nsds50ruv: {replica 1095 ldap://<a href="http://kdc04.unix.iriszorg.nl:389">kdc04.unix.iriszorg.nl:389</a>} 57e4d75a0000044700<br>nsds50ruv: {replica 66 ldap://<a href="http://kdc03.unix.iriszorg.nl:389">kdc03.unix.iriszorg.nl:389</a>} 57e23f66000000420000<br><br># ldapsearch -Z -h <a href="http://kdc03.unix.iriszorg.nl">kdc03.unix.iriszorg.nl</a> -D "cn=Directory Manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" | grep "nsds50ruv\|nsDS5ReplicaId"<br>Enter LDAP Password: <br>nsDS5ReplicaId: 66<br>nsds50ruv: {replicageneration} 50c1015c000000600000<br>nsds50ruv: {replica 66 ldap://<a href="http://kdc03.unix.iriszorg.nl:389">kdc03.unix.iriszorg.nl:389</a>} 57e23f66000000420000<br>nsds50ruv: {replica 1095 ldap://<a href="http://kdc04.unix.iriszorg.nl:389">kdc04.unix.iriszorg.nl:389</a>} 57e4d75a0000044700<br>nsds50ruv: {replica 96 ldap://<a href="http://kdc01.unix.iriszorg.nl:7389">kdc01.unix.iriszorg.nl:7389</a>} 50c1016c00000060000<br>nsds50ruv: {replica 71 ldap://<a href="http://kdc03.unix.iriszorg.nl:389">kdc03.unix.iriszorg.nl:389</a>} 57e140c7000000470000<br>nsds50ruv: {replica 97 ldap://<a href="http://kdc02.unix.iriszorg.nl:7389">kdc02.unix.iriszorg.nl:7389</a>} 50c1016800000061000<br><br></div><div>so the command has not been successful in the kdc03. in the dirsrv errors log I see:<br><br>[26/Sep/2016:14:50:54 +0200] NSMMReplicationPlugin - CleanAllRUV Task (rid 71): Not all replicas online, retrying in 640 seconds... <br>[26/Sep/2016:14:51:00 +0200] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected)<br><br></div><div>but those replicas are gone (decommissioned). So how can I remove them?<br><br><br></div><div>-- <br></div><div>regards,<br></div><div>Natxo<br></div><div><br><br><br></div></div><br clear="all"><br>-- <br><div class="gmail_signature">--<br>Groeten,<br>natxo</div> </div></div>