<div dir="ltr">Hello,<div> </div><div>I have a FreeIPA setup in which some masters suffered from a few uncontrolled shutdowns and now there are replication conflicts (which prevent from setting the Domain Level to 1). </div><div> </div><div>I was trying to follow the instructions here: <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/ipa-replica-manage.html">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/ipa-replica-manage.html</a></div><div> </div><div>But unfortunately I'm not getting anywhere. This the result of an ldapsearch for replication conflicts:</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> [root@moscovium ~]# ldapsearch -x -D "cn=directory manager" -W -b "dc=ipa,dc=rdmedia,dc=com" "nsds5ReplConflict=*" \* nsds5ReplConflict Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=ipa,dc=rdmedia,dc=com> with scope subtree # filter: nsds5ReplConflict=* # requesting: * nsds5ReplConflict # # servers + 334bfc53-cdae11e6-8a85a70a-bda98fae, dns, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=servers+nsuniqueid=334bfc53-cdae11e6-8a85a70a-bda98fae,cn=dns,dc=ipa,dc =rdmedia,dc=com objectClass: nsContainer objectClass: top cn: servers nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=ipa,dc=rdmedia,dc=com # System: Add CA + 334bfbe5-cdae11e6-8a85a70a-bda98fae, permissions, pbac, ipa. <a href="http://rdmedia.com">rdmedia.com</a> dn: cn=System: Add CA+nsuniqueid=334bfbe5-cdae11e6-8a85a70a-bda98fae,cn=permis sions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=ipaca) ipaPermRight: add ipaPermBindRuleType: permission ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Add CA objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 member: cn=CA Administrator,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermLocation: cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: add ca,cn=permissions,cn=pbac,dc= ipa,dc=rdmedia,dc=com </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"># System: Delete CA + 334bfbe9-cdae11e6-8a85a70a-bda98fae, permissions, pbac, i <a href="http://pa.rdmedia.com">pa.rdmedia.com</a> dn: cn=System: Delete CA+nsuniqueid=334bfbe9-cdae11e6-8a85a70a-bda98fae,cn=per missions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=ipaca) ipaPermRight: delete ipaPermBindRuleType: permission ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Delete CA objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 member: cn=CA Administrator,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermLocation: cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: delete ca,cn=permissions,cn=pbac, dc=ipa,dc=rdmedia,dc=com # System: Modify CA + 334bfbed-cdae11e6-8a85a70a-bda98fae, permissions, pbac, i <a href="http://pa.rdmedia.com">pa.rdmedia.com</a> dn: cn=System: Modify CA+nsuniqueid=334bfbed-cdae11e6-8a85a70a-bda98fae,cn=per missions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=ipaca) ipaPermRight: write ipaPermBindRuleType: permission ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Modify CA objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 member: cn=CA Administrator,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermDefaultAttr: description ipaPermDefaultAttr: cn ipaPermLocation: cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: modify ca,cn=permissions,cn=pbac, dc=ipa,dc=rdmedia,dc=com # System: Read CAs + 334bfbf1-cdae11e6-8a85a70a-bda98fae, permissions, pbac, ip <a href="http://a.rdmedia.com">a.rdmedia.com</a> dn: cn=System: Read CAs+nsuniqueid=334bfbf1-cdae11e6-8a85a70a-bda98fae,cn=perm issions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=ipaca) ipaPermRight: read ipaPermRight: compare ipaPermRight: search ipaPermBindRuleType: all ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Read CAs objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 ipaPermDefaultAttr: description ipaPermDefaultAttr: ipacaissuerdn ipaPermDefaultAttr: objectclass ipaPermDefaultAttr: ipacasubjectdn ipaPermDefaultAttr: ipacaid ipaPermDefaultAttr: cn ipaPermLocation: cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: read cas,cn=permissions,cn=pbac,d c=ipa,dc=rdmedia,dc=com # System: Modify DNS Servers Configuration + 334bfbf6-cdae11e6-8a85a70a-bda98fa e, permissions, pbac, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=System: Modify DNS Servers Configuration+nsuniqueid=334bfbf6-cdae11e6-8 a85a70a-bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=idnsServerConfigObject) ipaPermRight: write ipaPermBindRuleType: permission ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Modify DNS Servers Configuration objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermDefaultAttr: idnssoamname ipaPermDefaultAttr: idnssubstitutionvariable ipaPermDefaultAttr: idnsforwardpolicy ipaPermDefaultAttr: idnsforwarders ipaPermLocation: dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: modify dns servers configuration, cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com # System: Read DNS Servers Configuration + 334bfbfa-cdae11e6-8a85a70a-bda98fae, permissions, pbac, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=System: Read DNS Servers Configuration+nsuniqueid=334bfbfa-cdae11e6-8a8 5a70a-bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=idnsServerConfigObject) ipaPermRight: read ipaPermRight: compare ipaPermRight: search ipaPermBindRuleType: permission ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Read DNS Servers Configuration objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com member: cn=DNS Servers,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermDefaultAttr: idnsforwardpolicy ipaPermDefaultAttr: objectclass ipaPermDefaultAttr: idnsforwarders ipaPermDefaultAttr: idnsserverid ipaPermDefaultAttr: idnssubstitutionvariable ipaPermDefaultAttr: idnssoamname ipaPermLocation: dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: read dns servers configuration,cn =permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com # System: Manage Host Principals + 334bfc0b-cdae11e6-8a85a70a-bda98fae, permiss ions, pbac, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=System: Manage Host Principals+nsuniqueid=334bfc0b-cdae11e6-8a85a70a-bd a98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=ipahost) ipaPermRight: write ipaPermBindRuleType: permission ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Manage Host Principals objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 member: cn=Host Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermDefaultAttr: krbprincipalname ipaPermDefaultAttr: krbcanonicalname ipaPermLocation: cn=computers,cn=accounts,dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: manage host principals,cn=permiss ions,cn=pbac,dc=ipa,dc=rdmedia,dc=com # System: Add IPA Locations + 334bfc20-cdae11e6-8a85a70a-bda98fae, permissions, pbac, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=System: Add IPA Locations+nsuniqueid=334bfc20-cdae11e6-8a85a70a-bda98fa e,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=ipaLocationObject) ipaPermRight: add ipaPermBindRuleType: permission ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Add IPA Locations objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermLocation: cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: add ipa locations,cn=permissions, cn=pbac,dc=ipa,dc=rdmedia,dc=com # System: Modify IPA Locations + 334bfc24-cdae11e6-8a85a70a-bda98fae, permissio ns, pbac, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=System: Modify IPA Locations+nsuniqueid=334bfc24-cdae11e6-8a85a70a-bda9 8fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=ipaLocationObject) ipaPermRight: write ipaPermBindRuleType: permission ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Modify IPA Locations objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermDefaultAttr: description ipaPermLocation: cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: modify ipa locations,cn=permissio ns,cn=pbac,dc=ipa,dc=rdmedia,dc=com # System: Read IPA Locations + 334bfc28-cdae11e6-8a85a70a-bda98fae, permissions , pbac, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=System: Read IPA Locations+nsuniqueid=334bfc28-cdae11e6-8a85a70a-bda98f ae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=ipaLocationObject) ipaPermRight: read ipaPermRight: compare ipaPermRight: search ipaPermBindRuleType: permission ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Read IPA Locations objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermDefaultAttr: objectclass ipaPermDefaultAttr: description ipaPermDefaultAttr: idnsname ipaPermLocation: cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: read ipa locations,cn=permissions ,cn=pbac,dc=ipa,dc=rdmedia,dc=com # System: Remove IPA Locations + 334bfc2c-cdae11e6-8a85a70a-bda98fae, permissio ns, pbac, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=System: Remove IPA Locations+nsuniqueid=334bfc2c-cdae11e6-8a85a70a-bda9 8fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=ipaLocationObject) ipaPermRight: delete ipaPermBindRuleType: permission ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Remove IPA Locations objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermLocation: cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: remove ipa locations,cn=permissio ns,cn=pbac,dc=ipa,dc=rdmedia,dc=com # System: Read Locations of IPA Servers + 334bfc30-cdae11e6-8a85a70a-bda98fae, permissions, pbac, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=System: Read Locations of IPA Servers+nsuniqueid=334bfc30-cdae11e6-8a85 a70a-bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=ipaConfigObject) ipaPermRight: read ipaPermRight: compare ipaPermRight: search ipaPermBindRuleType: permission ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Read Locations of IPA Servers objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermDefaultAttr: objectclass ipaPermDefaultAttr: ipaserviceweight ipaPermDefaultAttr: ipalocation ipaPermDefaultAttr: cn ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: read locations of ipa servers,cn= permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com # System: Read Status of Services on IPA Servers + 334bfc34-cdae11e6-8a85a70a-b da98fae, permissions, pbac, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=System: Read Status of Services on IPA Servers+nsuniqueid=334bfc34-cdae 11e6-8a85a70a-bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=ipaConfigObject) ipaPermRight: read ipaPermRight: compare ipaPermRight: search ipaPermBindRuleType: permission ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Read Status of Services on IPA Servers objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermDefaultAttr: objectclass ipaPermDefaultAttr: ipaconfigstring ipaPermDefaultAttr: cn ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: read status of services on ipa se rvers,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com # System: Manage Service Principals + 334bfc38-cdae11e6-8a85a70a-bda98fae, perm issions, pbac, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=System: Manage Service Principals+nsuniqueid=334bfc38-cdae11e6-8a85a70a -bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=ipaservice) ipaPermRight: write ipaPermBindRuleType: permission ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Manage Service Principals objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 member: cn=Service Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=c om ipaPermDefaultAttr: krbprincipalname ipaPermDefaultAttr: krbcanonicalname ipaPermLocation: cn=services,cn=accounts,dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: manage service principals,cn=perm issions,cn=pbac,dc=ipa,dc=rdmedia,dc=com # System: Manage User Principals + 334bfc45-cdae11e6-8a85a70a-bda98fae, permiss ions, pbac, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=System: Manage User Principals+nsuniqueid=334bfc45-cdae11e6-8a85a70a-bd a98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com ipaPermTargetFilter: (objectclass=posixaccount) ipaPermRight: write ipaPermBindRuleType: permission ipaPermissionType: V2 ipaPermissionType: MANAGED ipaPermissionType: SYSTEM cn: System: Manage User Principals objectClass: ipapermission objectClass: top objectClass: groupofnames objectClass: ipapermissionv2 member: cn=User Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com member: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=ipa,dc=rd media,dc=com ipaPermDefaultAttr: krbprincipalname ipaPermDefaultAttr: krbcanonicalname ipaPermLocation: cn=users,cn=accounts,dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict cn=system: manage user principals,cn=permiss ions,cn=pbac,dc=ipa,dc=rdmedia,dc=com # locations + 334bfba2-cdae11e6-8a85a70a-bda98fae, etc, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=locations+nsuniqueid=334bfba2-cdae11e6-8a85a70a-bda98fae,cn=etc,dc=ipa, dc=rdmedia,dc=com objectClass: nsContainer objectClass: top cn: locations nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi ssion:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System: Ad d IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com";) aci: (targetattr = "description")(targetfilter = "(objectclass=ipaLocationObje ct)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write) groupdn = "ldap:///cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc =ipa,dc=rdmedia,dc=com";) aci: (targetattr = "createtimestamp || description || entryusn || idnsname || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObje ct)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare, read,search) groupdn = "ldap:///cn=System: Read IPA Locations,cn=permissions, cn=pbac,dc=ipa,dc=rdmedia,dc=com";) aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi ssion:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=Syst em: Remove IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com";) # <a href="http://neon.ipa.rdmedia.com">neon.ipa.rdmedia.com</a> + 1b780d06-017611e6-966aeb96-de53d9d8, computers, accoun ts, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: fqdn=<a href="http://neon.ipa.rdmedia.com">neon.ipa.rdmedia.com</a>+nsuniqueid=1b780d06-017611e6-966aeb96-de53d9d8,c n=computers,cn=accounts,dc=ipa,dc=rdmedia,dc=com krbExtraData:: AAJIQA5XaG9zdC9uZW9uLmlwYS5yZG1lZGlhLmNvbUBJUEEuUkRNRURJQS5DT00 A enrolledBy: uid=admin,cn=users,cn=accounts,dc=ipa,dc=rdmedia,dc=com krbLastPwdChange: 20160413124912Z krbPrincipalKey:: MIIBKKADAgEBoQMCAQGiAwIBAaMDAgEBpIIBEDCCAQwwS6FJMEegAwIBEqFA BD4gAPd2yVptQC/d3mk7xdb3skL+KkkUzewAxCF0FJgXXuBVt1y2GHtnhzILNe91amjovgXAFEujn 8x6YrwHXDA7oTkwN6ADAgERoTAELhAAPbI3gwakFyt9EnCqDLWst6FeXKO0Fwvx3+gZZOGmYQpr0Z ujLLtmJuJVmS8wQ6FBMD+gAwIBEKE4BDYYABMJXEKVH2Yn4nGzJ5woqDjO2dVUx8nQ+1NSi6dREwy 8T+7VrbdVOpaQgkUx4czwkhxKvVcwO6E5MDegAwIBF6EwBC4QABWhTKkWc50oJlpSw/FK2yhl+ZUo MZt0XHA/xdPXDD3DxGV5cx2MgvJEhJzs cn: <a href="http://neon.ipa.rdmedia.com">neon.ipa.rdmedia.com</a> objectClass: ipaobject objectClass: ieee802device objectClass: nshost objectClass: ipaservice objectClass: pkiuser objectClass: ipahost objectClass: krbprincipal objectClass: krbprincipalaux objectClass: ipasshhost objectClass: top objectClass: ipaSshGroupOfPubKeys fqdn: <a href="http://neon.ipa.rdmedia.com">neon.ipa.rdmedia.com</a> managedBy: fqdn=<a href="http://neon.ipa.rdmedia.com">neon.ipa.rdmedia.com</a>,cn=computers,cn=accounts,dc=ipa,dc=rdmedi a,dc=com krbPrincipalName: host/<a href="mailto:neon.ipa.rdmedia.com@IPA.RDMEDIA.COM">neon.ipa.rdmedia.com@IPA.RDMEDIA.COM</a> serverHostName: neon ipaUniqueID: 1eaa355c-0176-11e6-8dd5-001a4aa7101c krbPwdPolicyReference: cn=Default Host Password Policy,cn=computers,cn=account s,dc=ipa,dc=rdmedia,dc=com nsds5ReplConflict: namingConflict fqdn=<a href="http://neon.ipa.rdmedia.com">neon.ipa.rdmedia.com</a>,cn=computers,cn=ac counts,dc=ipa,dc=rdmedia,dc=com # cas + 334bfba8-cdae11e6-8a85a70a-bda98fae, ca, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=cas+nsuniqueid=334bfba8-cdae11e6-8a85a70a-bda98fae,cn=ca,dc=ipa,dc=rdme dia,dc=com objectClass: nsContainer objectClass: top cn: cas nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System : Add CA";allow (add) groupdn = "ldap:///cn=System: Add CA,cn=permissions,cn= pbac,dc=ipa,dc=rdmedia,dc=com";) aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System : Delete CA";allow (delete) groupdn = "ldap:///cn=System: Delete CA,cn=permis sions,cn=pbac,dc=ipa,dc=rdmedia,dc=com";) aci: (targetattr = "cn || description")(targetfilter = "(objectclass=ipaca)")( version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = "ldap: ///cn=System: Modify CA,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com";) aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacai d || ipacaissuerdn || ipacasubjectdn || modifytimestamp || objectclass")(targ etfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Read CA s";allow (compare,read,search) userdn = "ldap:///all";) # custodia + 334bfbdb-cdae11e6-8a85a70a-bda98fae, ipa, etc, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=custodia+nsuniqueid=334bfbdb-cdae11e6-8a85a70a-bda98fae,cn=ipa,cn=etc,d c=ipa,dc=rdmedia,dc=com objectClass: nsContainer objectClass: top cn: custodia nsds5ReplConflict: namingConflict cn=custodia,cn=ipa,cn=etc,dc=ipa,dc=rdmedia, dc=com # domain + 334bfb9e-cdae11e6-8a85a70a-bda98fae, topology, ipa, etc, ipa.rdmedia .com dn: cn=domain+nsuniqueid=334bfb9e-cdae11e6-8a85a70a-bda98fae,cn=topology,cn=ip a,cn=etc,dc=ipa,dc=rdmedia,dc=com nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp ipaReplTopoConfRoot: dc=ipa,dc=rdmedia,dc=com objectClass: top objectClass: iparepltopoconf nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount cn: domain nsds5ReplConflict: namingConflict cn=domain,cn=topology,cn=ipa,cn=etc,dc=ipa,d c=rdmedia,dc=com # ca + 334bfbe0-cdae11e6-8a85a70a-bda98fae, topology, ipa, etc, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=ca+nsuniqueid=334bfbe0-cdae11e6-8a85a70a-bda98fae,cn=topology,cn=ipa,cn =etc,dc=ipa,dc=rdmedia,dc=com objectClass: top objectClass: iparepltopoconf cn: ca ipaReplTopoConfRoot: o=ipaca nsds5ReplConflict: namingConflict cn=ca,cn=topology,cn=ipa,cn=etc,dc=ipa,dc=rd media,dc=com # dogtag + 334bfbdd-cdae11e6-8a85a70a-bda98fae, custodia + 334bfbdb-cdae11e6-8a 85a70a-bda98fae, ipa, etc, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=dogtag+nsuniqueid=334bfbdd-cdae11e6-8a85a70a-bda98fae,cn=custodia+nsuni queid=334bfbdb-cdae11e6-8a85a70a-bda98fae,cn=ipa,cn=etc,dc=ipa,dc=rdmedia,dc= com objectClass: nsContainer objectClass: top cn: dogtag nsds5ReplConflict: namingConflict cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=ipa,d c=rdmedia,dc=com # lawrencium + 6c7e3d83-c11711e6-8a85a70a-bda98fae, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a>., dns, ipa. <a href="http://rdmedia.com">rdmedia.com</a> dn: idnsName=lawrencium+nsuniqueid=6c7e3d83-c11711e6-8a85a70a-bda98fae,idnsnam e=<a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a>.,cn=dns,dc=ipa,dc=rdmedia,dc=com aRecord: 192.168.50.55 dNSTTL: 1200 objectClass: idnsRecord objectClass: top idnsName: lawrencium nsds5ReplConflict: namingConflict idnsname=lawrencium,idnsname=<a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> .,cn=dns,dc=ipa,dc=rdmedia,dc=com # mendelevium + e5710f85-c5c511e6-8a85a70a-bda98fae, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a>., dns, ipa .<a href="http://rdmedia.com">rdmedia.com</a> dn: idnsName=mendelevium+nsuniqueid=e5710f85-c5c511e6-8a85a70a-bda98fae,idnsna me=<a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a>.,cn=dns,dc=ipa,dc=rdmedia,dc=com aRecord: 192.168.50.52 dNSTTL: 1200 objectClass: idnsRecord objectClass: top idnsName: mendelevium nsds5ReplConflict: namingConflict idnsname=mendelevium,idnsname=<a href="http://ipa.rdmedia.co">ipa.rdmedia.co</a> m.,cn=dns,dc=ipa,dc=rdmedia,dc=com # 41 + e764de07-5e2f11e6-bd76eb96-de53d9d8, 120.100.10.in-addr.arpa., dns, ipa. <a href="http://rdmedia.com">rdmedia.com</a> dn: idnsname=41+nsuniqueid=e764de07-5e2f11e6-bd76eb96-de53d9d8,idnsname=120.10 0.10.in-addr.arpa.,cn=dns,dc=ipa,dc=rdmedia,dc=com objectClass: top objectClass: idnsrecord pTRRecord: <a href="http://arsenica.ipa.rdmedia.com">arsenica.ipa.rdmedia.com</a>. idnsName: 41 nsds5ReplConflict: namingConflict idnsname=41,idnsname=120.100.10.in-addr.arpa .,cn=dns,dc=ipa,dc=rdmedia,dc=com # ipa + 58d90aec-cdae11e6-8a85a70a-bda98fae, cas + 334bfba8-cdae11e6-8a85a70a-b da98fae, ca, <a href="http://ipa.rdmedia.com">ipa.rdmedia.com</a> dn: cn=ipa+nsuniqueid=58d90aec-cdae11e6-8a85a70a-bda98fae,cn=cas+nsuniqueid=33 4bfba8-cdae11e6-8a85a70a-bda98fae,cn=ca,dc=ipa,dc=rdmedia,dc=com description: IPA CA ipaCaIssuerDN: CN=Certificate Authority,O=<a href="http://IPA.RDMEDIA.COM">IPA.RDMEDIA.COM</a> objectClass: top objectClass: ipaca ipaCaSubjectDN: CN=Certificate Authority,O=<a href="http://IPA.RDMEDIA.COM">IPA.RDMEDIA.COM</a> ipaCaId: 21547c03-13c3-4f4f-992b-b0257012d1c1 cn: ipa nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com # search result search: 2 result: 0 Success # numResponses: 28 # numEntries: 27</blockquote><div> </div><div>So when I try eg. this...</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">[root@moscovium ~]# ldapmodify -x -D "cn=directory manager" -W -h <a href="http://moscovium.ipa.rdmedia.com">moscovium.ipa.rdmedia.com</a> -p 389 Enter LDAP Password: dn: fqdn=<a href="http://neon.ipa.rdmedia.com">neon.ipa.rdmedia.com</a>+nsuniqueid=1b780d06-017611e6-966aeb96-de53d9d8,c n=computers,cn=accounts,dc=ipa,dc=rdmedia,dc=com changetype: modrdn newrdn fqdn=<a href="http://neontemp.ipa.rdmedia.com">neontemp.ipa.rdmedia.com</a> deleteoldrdn: 0</blockquote><div> </div><div>...I get:</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">ldapmodify: invalid format (line 3) entry: "fqdn=<a href="http://neon.ipa.rdmedia.com">neon.ipa.rdmedia.com</a>+nsuniqueid=1b780d06-017611e6-966aeb96-de53d9d8,cn=computers,cn=accounts,dc=ipa,dc=rdmedia,dc=com"</blockquote><div> </div><div>So my question: what can I do to resolve the conflicts?</div><div> </div><div>-- <div class="gmail_signature"><div dir="ltr">Tiemen Ruiten Systems Engineer R&D Media </div></div> </div></div>