Hi Ludwig,

On 03/12/18 17:10, Ludwig Krispenz via FreeIPA-users wrote:
Hi,

to get rid of this ruv entry with replicaid 7 you could try to run the 
cleanallruv task directly. On any server (and only on one) run

ldapmodify ..... -D "cn=directory manager"

dn: cn=clean 7, cn=cleanallruv, cn=tasks, cn=config
changetype: add
objectclass: extensibleObject
replica-base-dn: <your suffix>
replica-id: 7
replica-force-cleaning: yes

But I would like to understand how you got into this state; we have seen
this occasionally, but have no reproducer. Unfortunately the csn for replicaid 7
is from Jan, 19th 2017 11:01:16 - so you will probably not remember.

Not sure if it's related, but I wrote an email to freeipa-users on that day,
reporting an internal error. See

https://www.redhat.com/archives/freeipa-users/2017-January/msg00286.html

The conflict is still not resolved completely. There are 2 entries I
could not cleanup, see below. What would you suggest?


[root@ipa1 ~]# ldapsearch -o ldif-wrap=no -x -D "cn=directory manager" -w secret -b "dc=example,dc=de" "nsds5ReplConflict=*" \* nsds5ReplConflict
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=de> with scope subtree
# filter: nsds5ReplConflict=*
# requesting: * nsds5ReplConflict
#

# ipaservers + 109be302-ccd911e6-a5b3d0c8-d8da17db, hostgroups, accounts, 
example.de
dn: 
cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
memberOf: 
cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de
objectClass: top
objectClass: ipahostgroup
objectClass: ipaobject
objectClass: groupOfNames
objectClass: nestedGroup
objectClass: mepOriginEntry
description: IPA server hosts
cn: ipaservers
ipaUniqueID: 14a4041e-ccd9-11e6-b194-fe4936c476ff
nsds5ReplConflict: namingConflict 
cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de

# ipaservers + 109be304-ccd911e6-a5b3d0c8-d8da17db, ng, alt, example.de
dn: 
cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
memberHost: 
cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
objectClass: ipanisnetgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: ipaAssociation
objectClass: top
nisDomainName: example.de
cn: ipaservers
description: ipaNetgroup ipaservers
mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de
ipaUniqueID: 15699da0-ccd9-11e6-b194-fe4936c476ff
nsds5ReplConflict: namingConflict cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2






[root@ipa1 ~]# ldapsearch -o ldif-wrap=no -x -D "cn=directory manager" -w secret -b "cn=hostgroups,cn=accounts,dc=example,dc=de"
# extended LDIF
#
# LDAPv3
# base <cn=hostgroups,cn=accounts,dc=example,dc=de> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# hostgroups, accounts, example.de
dn: cn=hostgroups,cn=accounts,dc=example,dc=de
objectClass: top
objectClass: nsContainer
cn: hostgroups

# admin_hosts, hostgroups, accounts, example.de
dn: cn=admin_hosts,cn=hostgroups,cn=accounts,dc=example,dc=de
memberOf: 
ipaUniqueID=18c7ac56-c9a3-11e5-a675-00165cee60d7,cn=hbac,dc=example,dc=de
memberOf: cn=admin_hosts,cn=ng,cn=alt,dc=example,dc=de
member: fqdn=srvl023.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de
mepManagedEntry: cn=admin_hosts,cn=ng,cn=alt,dc=example,dc=de
objectClass: ipahostgroup
objectClass: ipaobject
objectClass: nestedGroup
objectClass: groupOfNames
objectClass: top
objectClass: mepOriginEntry
cn: admin_hosts
description: hosts with restricted access
ipaUniqueID: ecc0a97c-c9a3-11e5-bcd9-00165cee60d7

# ipaservers, hostgroups, accounts, example.de
dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de
memberOf: cn=Replication Administrators,cn=privileges,cn=pbac,dc=example,dc=de
memberOf: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=Modify Replication 
Agreements,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=Remove Replication 
Agreements,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=Read PassSync Managers 
Configuration,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=Modify PassSync Managers 
Configuration,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=Read LDBM Database 
Configuration,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=Add Configuration 
Sub-Entries,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=example,dc=de
member: fqdn=ipa3.example.de,cn=computers,cn=accounts,dc=example,dc=de
member: fqdn=ipa2.example.de,cn=computers,cn=accounts,dc=example,dc=de
member: fqdn=ipa1.example.de,cn=computers,cn=accounts,dc=example,dc=de
member: fqdn=ipa4.example.de,cn=computers,cn=accounts,dc=example,dc=de
member: fqdn=ipa0.example.de,cn=computers,cn=accounts,dc=example,dc=de
member: fqdn=ipabak.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de
objectClass: top
objectClass: ipahostgroup
objectClass: ipaobject
objectClass: groupOfNames
objectClass: nestedGroup
objectClass: mepOriginEntry
description: IPA server hosts
cn: ipaservers
ipaUniqueID: 115a2f2c-ccd9-11e6-93fa-fe49d2c33fca

# ipaservers + 109be302-ccd911e6-a5b3d0c8-d8da17db, hostgroups, accounts, 
example.de
dn: 
cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
memberOf: 
cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de
objectClass: top
objectClass: ipahostgroup
objectClass: ipaobject
objectClass: groupOfNames
objectClass: nestedGroup
objectClass: mepOriginEntry
description: IPA server hosts
cn: ipaservers
ipaUniqueID: 14a4041e-ccd9-11e6-b194-fe4936c476ff

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 4





[root@ipa1 ~]# ldapsearch -o ldif-wrap=no -x -D "cn=directory manager" -w secret -b "cn=ng,cn=alt,dc=example,dc=de"
# extended LDIF
#
# LDAPv3
# base <cn=ng,cn=alt,dc=example,dc=de> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# ng, alt, example.de
dn: cn=ng,cn=alt,dc=example,dc=de
objectClass: nsContainer
objectClass: top
cn: ng

# admin_hosts, ng, alt, example.de
dn: cn=admin_hosts,cn=ng,cn=alt,dc=example,dc=de
objectClass: ipanisnetgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: ipaAssociation
objectClass: top
nisDomainName: example.de
cn: admin_hosts
memberHost: cn=admin_hosts,cn=hostgroups,cn=accounts,dc=example,dc=de
description: ipaNetgroup admin_hosts
mepManagedBy: cn=admin_hosts,cn=hostgroups,cn=accounts,dc=example,dc=de
ipaUniqueID: ecc27612-c9a3-11e5-bcd9-00165cee60d7

# ipaservers + 109be304-ccd911e6-a5b3d0c8-d8da17db, ng, alt, example.de
dn: 
cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
memberHost: 
cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
objectClass: ipanisnetgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: ipaAssociation
objectClass: top
nisDomainName: example.de
cn: ipaservers
description: ipaNetgroup ipaservers
mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de
ipaUniqueID: 15699da0-ccd9-11e6-b194-fe4936c476ff

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3



Please note that there is no "cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de"

Every helpful comment is highly appreciated.
Harri