I have tried (providing password and our actual domain name scrubbed below):
clean dangling ruvs using ``` [email protected] ~ # ipa-replica-manage clean-dangling-ruv unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000 unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000 unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000 unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000 No dangling RUVs found ``` cleaning that ruv specifically: ``` root@ipa01 ~ # ipa-replica-manage --force --cleanup clean-ruv 27 unable to decode: {replica 27} 60771c010007001b0000 60771c010007001b0000 Replica ID 27 not found ``` ldapmodify - which runs without error and no change: ``` root@ipa01 ~ # cat clean-27.ldif dn: cn=clean 27,cn=cleanallruv,cn=tasks,cn=config changetype: add objectclass: top objectclass: extensibleObject replica-base-dn: dc=ipa,dc=example,dc=net replica-id: 27 cn: clean 27 root@ipa01 ~ # ldapmodify -D "cn=directory manager" -f clean-27.ldif adding new entry "cn=clean 27,cn=cleanallruv,cn=tasks,cn=config" ``` Here's the topology (you can see ipa and idm nodes - working to eventually replace the CentOS 7 ipa nodes with RHEL8 idm nodes - but this replica 27 has been around ... forever as far as I'm concerned): ``` root@ipa01 ~ # ipa topologysegment-find domain ------------------ 9 segments matched ------------------ Segment name: idm01.example.net-to-idm02.example.net Left node: idm01.example.net Right node: idm02.example.net Connectivity: both Segment name: idm01.example.net-to-ipa01.example.net Left node: idm01.example.net Right node: ipa01.example.net Connectivity: both Segment name: idm02.example.net-to-idm04.example.net Left node: idm02.example.net Right node: idm04.example.net Connectivity: both Segment name: idm03.example.net-to-idm01.example.net Left node: idm03.example.net Right node: idm01.example.net Connectivity: both Segment name: idm04.example.net-to-idm03.example.net Left node: idm04.example.net Right node: idm03.example.net Connectivity: both Segment name: ipa01.example.net-to-ipa02.example.net Left node: ipa01.example.net Right node: ipa02.example.net Connectivity: both Segment name: ipa01.example.net-to-ipa03.example.net Left node: ipa01.example.net Right node: ipa03.example.net Connectivity: both Segment name: ipa02.example.net-to-ipa04.example.net Left node: ipa02.example.net Right node: ipa04.example.net Connectivity: both Segment name: ipa03.example.net-to-ipa04.example.net Left node: ipa03.example.net Right node: ipa04.example.net Connectivity: both ---------------------------- Number of entries returned 9 ---------------------------- root@ipa01 ~ # ipa topologysegment-find ca ------------------ 9 segments matched ------------------ Segment name: idm01.example.net-to-idm02.example.net Left node: idm01.example.net Right node: idm02.example.net Connectivity: both Segment name: idm01.example.net-to-ipa01.example.net Left node: idm01.example.net Right node: ipa01.example.net Connectivity: both Segment name: idm02.example.net-to-idm04.example.net Left node: idm02.example.net Right node: idm04.example.net Connectivity: both Segment name: idm03.example.net-to-idm01.example.net Left node: idm03.example.net Right node: idm01.example.net Connectivity: both Segment name: idm04.example.net-to-idm03.example.net Left node: idm04.example.net Right node: idm03.example.net Connectivity: both Segment name: ipa01.example.net-to-ipa02.example.net Left node: ipa01.example.net Right node: ipa02.example.net Connectivity: both Segment name: ipa01.example.net-to-ipa03.example.net Left node: ipa01.example.net Right node: ipa03.example.net Connectivity: both Segment name: ipa02.example.net-to-ipa04.example.net Left node: ipa02.example.net Right node: ipa04.example.net Connectivity: both Segment name: ipa03.example.net-to-ipa04.example.net Left node: ipa03.example.net Right node: ipa04.example.net Connectivity: both ---------------------------- Number of entries returned 9 ---------------------------- ``` I've even gone off the rails and manually deleted the nsds50ruv and nsruvReplicaLastModified entries for these on sub entries of cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config (where I found *something* referencing it). I've pored over the google results for this - including some from this mailing list - the unsuccessful threads seem to simply die from lack of response, while the successful ones found a segment they could delete. Any help would be appreciated. Thanks, - chris -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
