On 03/24/2015 03:18 PM, thierry bordaz wrote: > Hello, > > Sorry for the late answer. > > Those entries are named RUV. > > host25.xxxxx1.net RUV contains > nscpentrywsi: nsds50ruv: {replicageneration} 550feb15000000600000 > nscpentrywsi: nsds50ruv: {replica 96 ldap://host25.xxxxx1.net:389} > 550feb1d000000600000 551129d7000000600000 > nscpentrywsi: nsds50ruv: {replica 1195 ldap://host28.xxxxx1.net:389} > 550feed9000004ab0000 551129d7000804ab0000 > *nscpentrywsi: nsds50ruv: {replica 1685 ldap://host68.xxxxx1.net:389} > 551016e7000006950000 551016e8000306950000 > nscpentrywsi: nsds50ruv: {replica 1690 ldap://host68.xxxxx1.net:389} > 551012ed0000069a0000 551012ee0001069a0000 > nscpentrywsi: nsds50ruv: {replica 1695 ldap://host68.xxxxx1.net:389} > 55100d8b0000069f0000 55100d8c0001069f0000* > nscpentrywsi: nsds50ruv: {replica 91 ldap://host51.xxxxx2:389} > 550ff1440000005b0000 551113bd0003005b0000 > nscpentrywsi: nsds50ruv: {replica 97 ldap://host26.xxxxx1.net:389} > 550feb27000000610000 55112711000400610000 > nscpentrywsi: nsds50ruv: {replica 1095 ldap://host27.xxxxx1.net:389} > 550fecef000004470000 55111c8b000504470000 > nscpentrywsi: nsds50ruv: {replica 1295 ldap://host52.xxxxx2:389} > 550ff3480000050f0000 5511138e000b050f0000 > nscpentrywsi: nsds50ruv: {replica 1395 ldap://host32.xxxxx2:389} > 550ff5ed000005730000 55110c85000305730000 > nscpentrywsi: nsds50ruv: {replica 1495 ldap://host33.xxxxx2:389} > 550ff837000005d70000 551125b1000105d70000 > *nscpentrywsi: nsds50ruv: {replica 1595 ldap://host18.xxxxx2:389} > 550ffc6b0000063b0000 550ffc6c0001063b0000 > nscpentrywsi: nsds50ruv: {replica 1590 ldap://host18.xxxxx2:389} > 5510000a000006360000 5510000b000106360000 > nscpentrywsi: nsds50ruv: {replica 1585 ldap://host18.xxxxx2:389} > 55100385000006310000 55100387000106310000* > > So host68:389 and host18:389 are masters for the same suffix (o=ipaca) but > with > different replica Identifier (1685,1690,1695 and 1585,1590,1595). > > Some of those Replica Identifiers are likely old one that need to cleared. > Did you run CLEANRUV ? > > thanks > thierry
Right. Maybe you reinstalled IPA replica (several times) without cleaning the RUV? With # ipa-replica-manage list-ruv # ipa-replica-manage clean-ruv you should be able to clean the old (lower) RUVs and see if the error disappears. More info in "man ipa-replica-manage" and on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-topology.html#cleanruv Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project