On 10.07.2017 18:26, Jan Karásek via FreeIPA-users wrote:
Hello,

I'm having trouble to set the IPA domain level to 1.

When I run the command:

ipa domainlevel-set 1
ipa: ERROR: Domain Level cannot be raised to 1, existing replication conflicts 
have to be resolved.

At the moment we have just two IPA server.

I have tried to uninstall all replicas, keeping only first ipa master, but the 
same error occurred.

While running only one IPA server without any replica, I used 
ipa-replica-manage list-ruv and clean-ruv to delete all RUVs, but was still 
unable to raise the domain level.

OS: RHEL 7.3, updated to last IPA version ipa-server-4.4.0-14.

First version of IPA server installed was on RHEL 7.2, then updated to RHEL 7.3.

This is described in RHBA-2017:0089-1

  Previously, if an Identity Management (IdM) upgrade ran simultaneously on
multiple servers, replication conflict entries were sometimes generated in the
"cn=topology" subtree.


So if I understand it right, there is a new check implemented which prevents 
raising domain level when this happens.

So my question is what can I do to get rid of "conflict entries" and raise 
domain level ?

Thanks,

Jan Karásek
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Hello,

please use this guide to resolve replication conflicts https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html

--
Martin Bašti
Software Engineer
Red Hat Czech
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to