I'm having trouble to set the IPA domain level to 1.

When I run the command:

ipa domainlevel-set 1
ipa: ERROR: Domain Level cannot be raised to 1, existing replication conflicts 
have to be resolved. 

At the moment we have just two IPA server.

I have tried to uninstall all replicas, keeping only first ipa master, but the 
same error occurred.

While running only one IPA server without any replica, I used 
ipa-replica-manage list-ruv and clean-ruv to delete all RUVs, but was still 
unable to raise the domain level.

OS: RHEL 7.3, updated to last IPA version ipa-server-4.4.0-14.

First version of IPA server installed was on RHEL 7.2, then updated to RHEL 7.3.

This is described in RHBA-2017:0089-1

 Previously, if an Identity Management (IdM) upgrade ran simultaneously on
multiple servers, replication conflict entries were sometimes generated in the
"cn=topology" subtree. 

So if I understand it right, there is a new check implemented which prevents 
raising domain level when this happens. 

So my question is what can I do to get rid of "conflict entries" and raise 
domain level ?


Jan Karásek
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to