Hi, is the topology at domain level 1 or domain level 0? # kinit admin # ipa domainlevel-get
If the level is 1, the right command in order to remove a replica + ignore topology disconnect issues is # kinit admin # ipa server-del <hostname> --ignore-topology-disconnect The error "not allowed on non-leaf entry" means that the command tried to delete an LDAP entry which has child entries. You can have a look at the directory server logs in /var/log/dirsrv/slapd-IPA-TEST/access and look for a DEL operation which returned an error (something with RESULT err=<value different from 0>). HTH, flo On Mon, Jul 5, 2021 at 10:45 PM lejeczek via FreeIPA-users < [email protected]> wrote: > Hi guys. > > Two masters from which third got disconnected in a "dirty" > manner. > > -> $ ipa-replica-manage del midway.ccn.priv.dom > Server removal aborted: > > Replication topology in suffix 'domain' is disconnected: > Topology does not allow server love.ccn.priv.dom to > replicate with servers: > midway.ccn.priv.dom > Topology does not allow server midway.ccn.priv.dom to > replicate with servers: > love.ccn.priv.dom > punch.ccn.priv.dom > Topology does not allow server punch.ccn.priv.dom to > replicate with servers: > midway.ccn.priv.dom. > > -> $ ipa topologysegment-find domain > ----------------- > 1 segment matched > ----------------- > Segment name: punch.ccn.priv.dom-to-love.ccn.priv.dom > Left node: punch.ccn.priv.dom > Right node: love.ccn.priv.dom > Connectivity: both > ---------------------------- > Number of entries returned 1 > > -> $ ipa-replica-manage del midway.ccn.priv.dom --force > ipa: WARNING: > /usr/lib/python3.6/site-packages/ipaserver/plugins/dogtag.py:1973: > The subsystem in PKIConnection.__init__() has been > deprecated > (https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes). > Updating DNS system records > Not allowed on non-leaf entry > > I've tried to 'reinitialize' but without success. > Anybody care to share suggestions & thoughts? > many thanks, L. > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
