The master was 6.2 upgraded to 6.3 its got a "bad schema" so the advice I have 
is to rebuild it.

I have 2 replicas they also were upgraded but "blew up" so were rebuilt as 
fresh 6.3, both these are fine, replicating and working perfectly.

I dont use CA, its just self signed on them..


Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Petr Spacek [pspa...@redhat.com]
Sent: Wednesday, 7 November 2012 10:17 p.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Rebuilding the failing original IPA master


On 11/06/2012 10:22 PM, Steven Jones wrote:
> It seems I am faced with rebuilding my original IPA master....trouble is I 
> dont know the impact and problems with doing that.

What it your topology right now?

Do you have at least one fully-functional replica?

Is CA installed on this replica? Or is it replica without Dogtag CA (i.e.
installed with self-signed certificate)?

If you have one "complete" replica including CA then you can simply destroy
old server and install fresh replica as usual.

Rob can add more details and advices.

Petr^2 Spacek

> For instance, can I simply,
> 1) run a db2ldif to export the ldap contents,
> 2) un-install the IPA server,
> 3) reboot and re-install it,
> 4) run ldif2db
> 5) then re-sync the two replicas?
> or will the two replicas need rebuilding? and rejoining fresh?
> Will all the hosts need re-joining?
> Looking at this I dont know just how easy it is or not to do.

Freeipa-users mailing list

Freeipa-users mailing list

Reply via email to