On 10/30/24 16:16, Orion Poplawski via
FreeIPA-users wrote:
We have some issues with installing new replicas, apparently triggered by incomplete replication between the existing servers.I'm trying to cleanup the orphaned replica agreements: dn: cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=dc\3Dnw ra\2Cdc\3Dcom,cn=mapping tree,cn=config nsDS5ReplicaLastUpdateStatus: Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP server (connection error) dn: cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=o\3Dipa ca,cn=mapping tree,cn=config nsDS5ReplicaLastUpdateStatus: Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP server (connection error) But that appears to be hanging: # ldapmodify -h ipa-seattle01.nwra.com -D "cn=directory manager" -W <<EOFdn:cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=configchangetype: delete dn:cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=dc\3Dnwra\2Cdc\3Dcom,cn=mapping tree,cn=configchangetype: delete EOFEnter LDAP Password: deleting entry "cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config" Any idea what would cause this?
It appears that one of our IPA servers (not ipa-seattle01 though) was wedged - ns-slapd stuck at 100% and not responding. After rebooting that the ghost replica was removed.
-- Orion Poplawski he/him/his - surely the least important thing about me Manager of IT Systems 720-772-5637 NWRA, Boulder Office FAX: 303-415-9702 3380 Mitchell Lane [email protected] Boulder, CO 80301 https://www.nwra.com/
smime.p7s
Description: S/MIME Cryptographic Signature
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
