Hello, > Hi, > > in your first message, the output of > $ dsconf -D "cn=Directory Manager" ldap://$(hostname) repl-conflict > list-glue "dc=noc,dc=net" > mentions: > dn: cn=sg1-replica.noc.net,cn=masters,cn=ipa,cn=etc,dc=noc,dc=net > *nsds5replconflict: deletedEntryHasChildren* > > It means that the replication tried to delete this entry on 1 server but > there were subentries below that one. > Is this replica sg1-replica.noc.net still present in the topology? If it > has been removed, you can delete the entry and its children. Otherwise you > need to keep it.
Yes, that replicate still in the topology, what is the best way to "keep it" ? > The other conflict is dn: krbprincipalname=HTTP/mi1-replica.noc.net(a)NOC.NET > +nsuniqueid=0264df8b-fca611ee-a3cba8b9-8a6b8039,cn=services,cn=accounts,dc=noc,dc=net > > Can you show the content of the entry and the content of the conflict > entry? The differences may help understand why there is a conflict. > > ldapsearch -D "cn=directory manager" -W -b krbprincipalname=HTTP/ > mi1-replica.noc.net(a)NOC.NET > +nsuniqueid=0264df8b-fca611ee-a3cba8b9-8a6b8039,cn=services,cn=accounts,dc=noc,dc=net This does not seems to result anything: # extended LDIF # # LDAPv3 # base <krbprincipalname=HTTP/[email protected]+nsuniqueid=0264df8b-fca611ee-a3cba8b9-8a6b8039,cn=services,cn=accounts,dc=noc,dc=net> with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 0 Success # numResponses: 1 > ldapsearch -D "cn=directory manager" -W -b krbprincipalname=HTTP/ > mi1-replica.noc.net(a)NOC.NET,cn=services,cn=accounts,dc=noc,dc=net This outputs the following: # extended LDIF # # LDAPv3 # base <krbprincipalname=HTTP/[email protected],cn=services,cn=accounts,dc=noc,dc=net> with scope subtree # filter: (objectclass=*) # requesting: ALL # # HTTP/[email protected], services, accounts, noc.net dn: krbprincipalname=HTTP/[email protected],cn=services,cn=acco unts,dc=noc,dc=net userCertificate:: MIIFRD... userCertificate:: MIIFRD... krbExtraData:: AAIAs... krbLastPwdChange: 20220428151720Z krbPrincipalKey:: MIHe... krbCanonicalName: HTTP/[email protected] objectClass: krbprincipal objectClass: krbprincipalaux objectClass: krbticketpolicyaux objectClass: ipaobject objectClass: ipaservice objectClass: pkiuser objectClass: ipakrbprincipal objectClass: top managedBy: fqdn=mi1-replica.noc.net,cn=computers,cn=accounts,dc=noc,dc=ne t ipaKrbPrincipalAlias: HTTP/[email protected] krbPrincipalName: HTTP/[email protected] ipaUniqueID: 4bfed72c-c706-11ec-a9d8-ac1f6bfcc04f krbPwdPolicyReference: cn=Default Service Password Policy,cn=services,cn=accou nts,dc=noc,dc=net # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 > flo > > > On Tue, Apr 23, 2024 at 12:08 PM Lee Csk via FreeIPA-users < > freeipa-users(a)lists.fedorahosted.org> wrote: Thank you, Lee -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
