Nathan wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 05/02/2013 01:07 PM, Rob Crittenden wrote:
Nathan wrote: ipa-replica-manage does not seem to have a --cleanup
option...  Can you give me more detail about how it's used?

--cleanup was introduced in FreeIPA 3.0.

It sounds like you just have a masters entry left over in
cn=masters,cn=ipa,cn=etc,dc=example,dc=com. If that is the case
then you can simply remove those entries.

You should also check out CLEANRUV at
http://directory.fedoraproject.org/wiki/Howto:CLEANRUV (skip past
the CLEANALLRUV part, it probably isn't available if you are
still using IPA 2.2).

root@caroline2 PROD ~]# rpm -qa ipa-server
ipa-server-2.2.0-17.el6_3.1.x86_64


This is on RHEL 6.3.

Thanks!  I'll look into the doc you mentioned.

How easy is it to check for, and remove the ldap entry you mentioned?
I'm not an ldap admin, but I have some at my disposal if needed.

$ ldapsearch -LLL -x -b cn=oldmaster.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com dn

Then carefully paste each dn, minus the dn:, in REVERSE order, to:

$ ldapdelete -x -D 'cn=Directory Manager' -w
cn=HTTP...
cn=ldap...

^D to exit

rob


Thanks!


rob




On 05/02/2013 12:07 PM, Petr Viktorin wrote:
On 05/02/2013 05:21 PM, Nathan wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

List still shows caroline1.

[root@caroline2 PROD ~]# ipa-replica-manage list
caroline0.lafayette.edu: master caroline2.lafayette.edu:
master caroline1.lafayette.edu: master


- -v does not seem to change the output at all. I even
tried moving the - -v around in the command line, to see if
placement mattered.

[root@caroline2 PROD ~]# ipa-replica-manage -v  del
--force caroline1.lafayette.edu 'caroline2.lafayette.edu'
has no replication agreement for 'caroline1.lafayette.edu'
[root@caroline2 PROD ~]# ipa-replica-manage del -v --force
caroline1.lafayette.edu 'caroline2.lafayette.edu' has no
replication agreement for 'caroline1.lafayette.edu'
[root@caroline2 PROD ~]# ipa-replica-manage del --force -v
caroline1.lafayette.edu 'caroline2.lafayette.edu' has no
replication agreement for 'caroline1.lafayette.edu'
[root@caroline2 PROD ~]# ipa-replica-manage list
caroline0.lafayette.edu: master caroline2.lafayette.edu:
master caroline1.lafayette.edu: master


Is --cleanup destructive?  Is there some reason that it
should not try it?

Looking at the code, it only cleans up the Kerberos info and
host entry, not DNS records or RUV.



_______________________________________________ Freeipa-users
mailing list Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



- --
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nathan Lager, RHCSA, RHCE (#110-011-426)
System Administrator
11 Pardee Hall
Lafayette College, Easton, PA 18042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlGCossACgkQsZqG4IN3sunlrwCfVQy+yNXmf7HzBCFGn4drUJia
lHcAn0XdEKth/TGZOLmqTe9SNvxLDwch
=5I0n
-----END PGP SIGNATURE-----

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to