On 8/10/17 11:37 AM, Ian Harding via FreeIPA-users wrote:

[root@freeipa-sea ianh]# ldapsearch -LLL -D 'cn=directory manager' -W -b "cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config" "objectClass=nsds5replicationagreement" nsds5replicaLastUpdateStatus
Enter LDAP Password:
dn: cn=cloneAgreement1-freeipa-sea.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
 a,cn=mapping tree,cn=config
nsds5replicaLastUpdateStatus: Error (32) Problem connecting to replica - LDAP
 error: No such object (connection error)

dn: cn=masterAgreement1-seattlenfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
 a,cn=mapping tree,cn=config
nsds5replicaLastUpdateStatus: Error (19) Replication error acquiring replica: Replica has different database generation ID, remote replica may need to be i
 nitialized (RUV error)

and

[root@seattlenfs ianh]# ldapsearch -LLL -D 'cn=directory manager' -W -b "cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config" "objectClass=nsds5replicationagreement" nsds5replicaLastUpdateStatus
Enter LDAP Password:
dn: cn=cloneAgreement1-seattlenfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipaca
 ,cn=mapping tree,cn=config
nsds5replicaLastUpdateStatus: Error (19) Replication error acquiring replica: Replica has different database generation ID, remote replica may need to be i
 nitialized (RUV error)

So I know I need to ipa-csreplica-manage re-initialize --from freeipa-sea.bpt.rocks on seattlenfs, but also that it fails because of the above.

I think this is the root of the problem where the certificate is not replicated.

Anyone know how I can clean it up? I'm really sorry I've taken up so much of your time. I really appreciate it.

The freeipa-dal problem may or may not be related...

[root@freeipa-sea ianh]# ipa-csreplica-manage list
Directory Manager password:

seattlenfs.bpt.rocks: master
freeipa-dal.bpt.rocks: CA not configured
freeipa-sea.bpt.rocks: master

[root@freeipa-sea ianh]# ipa-csreplica-manage del freeipa-dal.bpt.rocks
Directory Manager password:

'freeipa-sea.bpt.rocks' has no replication agreement for 'freeipa-dal.bpt.rocks'

[root@seattlenfs ~]# ipa-csreplica-manage list
Directory Manager password:

seattlenfs.bpt.rocks: master
freeipa-dal.bpt.rocks: CA not configured
freeipa-sea.bpt.rocks: master
[root@seattlenfs ~]# ipa-csreplica-manage del freeipa-dal.bpt.rocks
Directory Manager password:

'seattlenfs.bpt.rocks' has no replication agreement for 'freeipa-dal.bpt.rocks'

[root@seattlenfs ~]# ipa-replica-manage list-ruv
Directory Manager password:

Replica Update Vectors:
    seattlenfs.bpt.rocks:389: 21
    freeipa-sea.bpt.rocks:389: 20
Certificate Server Replica Update Vectors:
    seattlenfs.bpt.rocks:389: 1290
    freeipa-sea.bpt.rocks:389: 1065
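
An added example, not part of the original post: a small Python check that unfolds `ldapsearch -LLL` output like the above (LDIF continuation lines start with one space) and reports each replication agreement's last update status code. The sample input is constructed from the entries quoted in the message; treating code 0 as success is an assumption.

```python
import re

# Constructed sample: two agreement entries as quoted in the post, folded the
# way ldapsearch prints them (a continuation line starts with a single space).
SAMPLE_LDIF = "\n".join([
    r"dn: cn=cloneAgreement1-freeipa-sea.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac",
    " a,cn=mapping tree,cn=config",
    "nsds5replicaLastUpdateStatus: Error (32) Problem connecting to replica - LDAP ",
    " error: No such object (connection error)",
    "",
    r"dn: cn=masterAgreement1-seattlenfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac",
    " a,cn=mapping tree,cn=config",
    "nsds5replicaLastUpdateStatus: Error (19) Replication error acquiring replica: "
    "Replica has different database generation ID, remote replica may need to be i",
    " nitialized (RUV error)",
    "",
])

STATUS_RE = re.compile(r"^Error \((-?\d+)\)\s*(.*)$")

def unfold(ldif):
    """RFC 2849 folding: drop each newline that is followed by one space."""
    return re.sub(r"\r?\n ", "", ldif)

def agreement_status(ldif):
    """Return [(agreement_cn, code, message)], one tuple per agreement entry."""
    results = []
    for entry in re.split(r"\n\s*\n", unfold(ldif).strip()):
        attrs = {}
        for line in entry.splitlines():
            name, sep, value = line.partition(": ")
            if sep:  # base64 values ("attr:: ...") are not needed here and are skipped
                attrs[name.lower()] = value
        status = attrs.get("nsds5replicalastupdatestatus")
        cn = re.match(r"cn=([^,]+)", attrs.get("dn", ""))
        if cn is None or status is None:
            continue
        m = STATUS_RE.match(status)
        code = int(m.group(1)) if m else None   # None: unrecognised status text
        results.append((cn.group(1), code, m.group(2) if m else status))
    return results

def failing(ldif):
    """Agreements whose last update code is not 0 (assumption: 0 means success)."""
    return [r for r in agreement_status(ldif) if r[1] != 0]

if __name__ == "__main__":
    for cn, code, message in failing(SAMPLE_LDIF):
        print(f"{cn}: code {code}: {message}")
```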
