barry...@gmail.com wrote:
> Now
>
> node1 can show ipa-replica-manage list
>
> 1.abc.com: master
> 2.abc.com: master
>
> But at node 2 type ipa-replica-manage list
> Can't contact LDAP server
>
> It seem break on one side node2 any method to rebuild?
> the server trust build in self ca cert before but then it change to
> godaddy cert.

Note that the command only contacts the *local* LDAP server so I'd start by diagnosing why the connection fails on node2. This is unrelated to replication. The 389-ds access log may have some details.

If you add a hostname on the list command it will show the replication status so I'd try that at least on node 1 to see if replication to node 2 is happening.

rob