David Harvey via FreeIPA-users wrote: > Dear list, > > I'd like to do a test run of a script that I use to sync our HR data > with our freeipa infrastructure. Is it possible to pause replication, or > essentially fence a server off, so that if I run the updated script > against it, I can limit the changes to that target server until I've > checked the changes look sound?
There is no tool to do it but you can use ldapmodify to set nsds5ReplicaEnabled to off. This is easiest to do using dsconf. My install has 2 masters, ipa and replica, with a domain of example.test and a realm of EXAMPLE.TEST. Find the agreement: # dsconf EXAMPLE-TEST repl-agmt list --suffix dc=example,dc=test | grep cn: cn: meToipa.example.test Disable replication: # dsconf EXAMPLE-TEST repl-agmt disable --suffix dc=example,dc=test meToipa.example.test Then do the same on the masters that connect to this one. The equivalent name on the other master is cn: meToreplica.example.test. You have to do both otherwise you'll get 1-way replication which is probably not what you want. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org