Nathan wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/02/2013 02:48 PM, Rob Crittenden wrote:
Nathan wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 05/02/2013 01:56 PM, Rob Crittenden wrote:
$ ldapsearch -LLL -x -b
cn=oldmaster.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com
dn
Then carefully paste each dn, minus the dn:, in REVERSE order,
to:
$ ldapdelete -x -D 'cn=Directory Manager' -w cn=HTTP...
cn=ldap...
^D to exit
My ipa domain is "systems.lafayette.edu", so I had to work that
into your search string, but I think I have it.
So, here's some output.
[root@caroline0 PROD ~]# ldapsearch -LLL -x -b
cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu
dn
dn:
cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayett
e,dc=edu
So, from your ldapdelete example, would I.....
$ ldapdelete -x -D 'cn=Directory Manager' -w
cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu
^D
Yup, use -W to prompt, or -w <password> to pass on cli.
Note that this confirms that IPA doesn't think this server is
actually providing any services.
rob
This seems to have done the trick!
[root@caroline0 PROD ~]# ldapdelete -x -D 'cn=Directory Manager' -W
cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu
Enter LDAP Password:
[root@caroline0 PROD ~]# ldapsearch -LLL -x -b
cn=caroline1.lafayette.edu,cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu
dn
No such object (32)
Matched DN: cn=masters,cn=ipa,cn=etc,dc=systems,dc=lafayette,dc=edu
[root@caroline0 PROD ~]# ls
anaconda-ks.cfg ca-agent.p12 cacert.p12 cobbler.ks install.log
install.log.syslog ks-rhn-post.log RPM-GPG-KEY-lafayette
[root@caroline0 PROD ~]# ipa-replica-manage list
caroline0.lafayette.edu: master
caroline2.lafayette.edu: master
Great, glad it worked.
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
