If this is the correct search, then no. It's gone.

# ldapsearch -D 'cn=directory manager' -b 'o=ipaca' -W
Enter LDAP Password:

# extended LDIF
#
# LDAPv3
# base <o=ipaca> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1


On 02/21/2018 11:45 AM, Jochen Hein wrote:
> Bret Wortman via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
> writes:
>
>> I may be going about this in the hardest way possible, so let me stop
>> and roll everything back to my root need:
>>
>> I have two IPA servers which manage our infrastructure. We used to
>> have three, but a catastrophic failure on one led to its total
>> loss. And it was our CA.
>>
>> So now we have no CA -- is there a way to promote an existing system
>> to take over? I realize it may well mean distributing a new root CA
>> cert to everyone, but that seems less painful now than trying to set
>> up a brand new cluster of servers and try to port our data over to
>> them...
>
> I'd start looking for the CA data in LDAP. If you still have it, you
> might be lucky - if not, there's no way to recreate the data (aside from
> a backup of the failed server - which I guess doesn't exist any longer).
>
> Do you have a tree o=ipaca in your LDAP?
>
> Jochen

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
