Thanks for this.
I suspect something is fundamentally broken in replication for me,
possibly due to a missing user or bad auth in the LDAP subsystem due to
our constant chasing of incremental upgrades -- but based on your
advice and a re-read of the Admin guide I'm going to see if I can deploy
some fresh servers and get any sort of replication going at all with
connected segments -- if that works I'll be able to add new segments,
merge all the IPA data and then delete/drop the orphaned systems.
Ludwig Krispenz via FreeIPA-users wrote:
looks like you have a one directional topology segment on each server,
they are created from existing replication agreements when raising the
domain lvel, they should be replicated and merged to one
bi-directional segment - so it looks like replication was not working
already back then.
to investigate the replication state we would have to look into ds
error logs, examine the replication agreements and ruvs.
as you suggested, you could add a new replica from one of the existing
servers, then connect this new one to the other old one and remove the
if you were running frequent upgrades and were doing upgrades in
parallel, you could also have replication conflict entries
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org