Kristian Petersen via FreeIPA-users wrote:
> My primary IPA server has failed. I was running a python script against
> IPA doing some user management when everything went unresponsive. I
> couldn't even get in at a console to check what was going on. I ended
> up rebooting it. After doing so, dirsrv wouldn't start because dse.ldif
> was missing. I have copied this file over from a replica IPA server, so
> dirsrv starts now. However, it seems that other services are unable to
> connect to LDAP properly. DNS isn't resolving when querying the primary
> even though ipactl shows named is running. smb and winbind won't start
> and it appears to be a problem with connecting to LDAP. Is there a way
> to check the integrity of my LDAP database? Or should I try to copy the
> LDAP database from my working replica to the primary?

There should have been a dse.ldif.startOK which would have been better to use. Given you have started the server already it is probably already updated, losing the old values, but worth checking.

I know that at least the value of nsslapd-localhost has the hostname stored. Replication agreements are also stored per-host in cn=config (which is not replicated).

If the database were corrupted then 389-ds should detect it. I'm suspecting that the dse.ldif from another master is the culprit.

rob
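
Added example, not part of the original thread and not FreeIPA or 389-ds code: a small check for the host-specific values mentioned above, reading a dse.ldif and reporting an `nsslapd-localhost` that differs from the expected FQDN and any replication agreement whose `nsDS5ReplicaHost` is the host itself. The sample LDIF and hostnames are constructed, and the "agreement points at itself" test is an assumed heuristic for spotting a file copied from a replica.

```python
import base64

# Constructed sample: fragment of a dse.ldif copied from a replica (made-up hosts).
SAMPLE_DSE = """\
dn: cn=config
objectClass: top
nsslapd-localhost: replica1.example.test

dn: cn=meToipa1.example.test,cn=replica,cn=example,cn=mapping
  tree,cn=config
objectClass: nsds5replicationagreement
nsDS5ReplicaHost: ipa1.example.test
"""

def parse_ldif(text):
    """Return entries as dicts of lowercase attribute -> list of values."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]      # RFC 2849 folded continuation line
        else:
            unfolded.append(line)
    entries, cur = [], {}
    for line in unfolded + [""]:
        if line.startswith("#"):
            continue
        if not line:                      # blank line ends the current entry
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        cur.setdefault(attr.lower(), []).append(value)
    return entries

def check_dse(text, expected_fqdn):
    """Return findings that suggest the dse.ldif belongs to another host."""
    findings, expected = [], expected_fqdn.lower()
    for e in parse_ldif(text):
        dn = e.get("dn", [""])[0]
        if dn.lower() == "cn=config":
            for host in e.get("nsslapd-localhost", []):
                if host.lower() != expected:
                    findings.append(f"nsslapd-localhost is {host}, expected {expected_fqdn}")
        if "nsds5replicationagreement" in [c.lower() for c in e.get("objectclass", [])]:
            for peer in e.get("nsds5replicahost", []):
                if peer.lower() == expected:
                    findings.append(f"agreement {dn} points at this host itself")
    return findings

if __name__ == "__main__":
    print("\n".join(check_dse(SAMPLE_DSE, "ipa1.example.test")))
```
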
