William Faulk via FreeIPA-users wrote: > I've got a bunch of replication errors that I'm trying to resolve with a > re-initialization, but the biggest one right now is that one of my IPA > replicas has inconsistent LDAP attributes and I'm not sure of the best way to > proceed. > > The inconsistent attributes are: > > * ipaUniqueID > * krbPrincipalKey > * krbExtraData > * krbLastPwdChange > > Certainly at least the first two seem really significant. I'm hesitant to > re-initialize and overwrite data about one of the IPA servers itself. > > Should I try to delete it as a replica? Try to manually update the data on > the replicas with bad data? Just re-initialize from a replica with good data? > For the latter two options, how can I determine which data is the correct > data?
I'm not sure how the same user can have different ipaUniqueID on different servers. I suspect one or the other is a conflict entry. A differing krbPrincipalKey means their password is different on different servers. Not the end of the world but you might need to reset it after resolving the replication issues. Only you can determine which is the correct data. You'll need to carefully examine it. A re-init is less intensive than uninstall and re-install but either will work, assuming you can't manually resolve the conflict entries. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
