On 06/07/2021 07:27, Florence Renaud wrote:
Hi,

Is the topology at domain level 1 or domain level 0?
# kinit admin
# ipa domainlevel-get

If the level is 1, the right command in order to remove a replica + ignore topology disconnect issues is
# kinit admin
# ipa server-del <hostname> --ignore-topology-disconnect

The error "not allowed on non-leaf entry" means that the command tried to delete an LDAP entry which has child entries. You can have a look at the directory server logs in /var/log/dirsrv/slapd-IPA-TEST/access and look for a DEL operation which returned an error (something with RESULT err=<value different from 0>).

HTH,
flo


I cannot see any meaningful "DEL" in 'access' at/around the time of 'server-del' execution, though in 'errors'
...
[06/Jul/2021:17:00:47.672237100 +0100] - ERR - ldbm_back_delete - conn=5935 op=244 Deleting entry cn=midway.ccnr.ceb.private.cam.ac.uk,cn=masters,cn=ipa,cn=etc,dc=ccn,dc=priv,dc=dom has replication conflicts as children.

many thanks, L

On Mon, Jul 5, 2021 at 10:45 PM lejeczek via FreeIPA-users <[email protected]> wrote:

    Hi guys.

    Two masters from which third got disconnected in a "dirty" manner.

    -> $ ipa-replica-manage del midway.ccn.priv.dom
    Server removal aborted:

    Replication topology in suffix 'domain' is disconnected:
    Topology does not allow server love.ccn.priv.dom to replicate with servers:
         midway.ccn.priv.dom
    Topology does not allow server midway.ccn.priv.dom to replicate with servers:
         love.ccn.priv.dom
         punch.ccn.priv.dom
    Topology does not allow server punch.ccn.priv.dom to replicate with servers:
         midway.ccn.priv.dom.

    -> $ ipa topologysegment-find domain
    -----------------
    1 segment matched
    -----------------
       Segment name: punch.ccn.priv.dom-to-love.ccn.priv.dom
       Left node: punch.ccn.priv.dom
       Right node: love.ccn.priv.dom
       Connectivity: both
    ----------------------------
    Number of entries returned 1

    -> $ ipa-replica-manage del midway.ccn.priv.dom --force
    ipa: WARNING: /usr/lib/python3.6/site-packages/ipaserver/plugins/dogtag.py:1973:
    The subsystem in PKIConnection.__init__() has been deprecated
    (https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes).
    Updating DNS system records
    Not allowed on non-leaf entry

    I've tried to 'reinitialize' but without success.
    Anybody care to share suggestions & thoughts?
    many thanks, L.

_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure
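
The check suggested earlier in this thread (find a DEL operation in the access log whose RESULT has a non-zero err) can be scripted. The following is an added example, not part of any message in the thread; the log lines, hostnames and DNs are constructed, and the line layout assumes the usual 389-ds access log format in which a request and its RESULT share a conn=/op= pair.

```python
import re

# Constructed sample in the 389-ds access log layout (not taken from the thread's server).
SAMPLE_LOG = """\
[06/Jul/2021:17:00:47.101000000 +0100] conn=5935 op=243 SRCH base="cn=masters,cn=ipa,cn=etc,dc=example,dc=test" scope=1 filter="(objectClass=*)" attrs="cn"
[06/Jul/2021:17:00:47.120000000 +0100] conn=5935 op=243 RESULT err=0 tag=101 nentries=3 etime=0.019
[06/Jul/2021:17:00:47.600000000 +0100] conn=5935 op=244 DEL dn="cn=replica3.example.test,cn=masters,cn=ipa,cn=etc,dc=example,dc=test"
[06/Jul/2021:17:00:47.610000000 +0100] conn=5940 op=12 DEL dn="cn=old,cn=computers,cn=accounts,dc=example,dc=test"
[06/Jul/2021:17:00:47.650000000 +0100] conn=5940 op=12 RESULT err=0 tag=107 nentries=0 etime=0.040
[06/Jul/2021:17:00:47.672000000 +0100] conn=5935 op=244 RESULT err=66 tag=107 nentries=0 etime=0.072
"""

# "[timestamp] conn=N op=N <operation text>"
LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<rest>.*)$')
DEL = re.compile(r'^DEL dn="(?P<dn>.*)"')
RESULT = re.compile(r'^RESULT err=(?P<err>\d+)')


def failed_deletes(lines):
    """Return (timestamp, conn, op, dn, err) for every DEL whose RESULT has err != 0."""
    pending = {}   # (conn, op) -> DN of a DEL still waiting for its RESULT line
    failures = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip headers, blank lines and anything not in the expected layout
        key = (int(m["conn"]), int(m["op"]))
        d = DEL.match(m["rest"])
        if d:
            pending[key] = d["dn"]
            continue
        r = RESULT.match(m["rest"])
        if r and key in pending:
            dn = pending.pop(key)
            if int(r["err"]) != 0:
                failures.append((m["ts"], key[0], key[1], dn, int(r["err"])))
    return failures


if __name__ == "__main__":
    # On a server, pass the open access log file instead of the sample.
    for ts, conn, op, dn, err in failed_deletes(SAMPLE_LOG.splitlines()):
        print(f"{ts} conn={conn} op={op} err={err} DEL {dn}")
```

LDAP result code 66 is notAllowedOnNonLeaf, the code behind "Not allowed on non-leaf entry". The conn= and op= values printed in an errors log line can be matched against the same pair in the access log.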
