Re: [Freeipa-users] getting rid of nsds5ReplConflict

Tue, 19 May 2015 11:36:12 -0700 

On 05/19/2015 12:27 PM, Megan . wrote:

Thank you for the reply.  I think I just got frustrated.  I
uninstalled ipa on the dir2 replica then set it back up again as a
replica.  Everything seems to be replicating just fine without errors
now.  I know that this isn't the preferred or documented solution but
i needed the server back online asap.

When i run "ipa-replica-manage list-ruv" i see dir2 listed twice.  Is
this a concern?
No. When you get a chance, you can remove the one that is no longer used with the documented clean ruv procedure. I believe there is an ipa command for that. 



[root@dir1 ipa]# ipa-replica-manage list-ruv
dir1.example.com:389: 4
dir3.example.com:389: 5
dir2.example.com:389: 6
dir2.example.com:389: 8

On Tue, May 19, 2015 at 12:37 PM, Rich Megginson <rmegg...@redhat.com> wrote:

On 05/19/2015 10:10 AM, Megan . wrote:

I'm struggling with a replication conflict.  I had three masters,
dir1, dir2, dir3.  There were some weird issues with dir2 where I was
getting  "error 49 (Invalid credentials)" without any real
information.


Where did you see this?  command line output?  Of what command?  In a log
file?  Which log file?  Can you post the exact error message along with the
context?


When i did " ipa-replica-manage list-ruv" i saw dir2
twice.


Can you post the output?


I couldn't get it straight


What does "get it straight" mean?  Does it mean you ran some commands?  If
so, what commands did you run and what was the result?


so i decided to try to re-create
the replica.  I disconnected the replica, ran the del for the replica.
When i check for replication conflicts i still see it in there and I
can't seem to get it to go away.


Deleting and recreating the replica will not remove the replication conflict
if the conflict has been replicated to other servers.

This document doesn't say anything about resolving replica conflict entries
by deleting and re-adding replicas:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html


It only shows up on one of the
remaining masters.

I was trying to follow the documentation


The link above?


and use ldapmodify to change
the dn to cn=olddir2.somewhere.example.something.com7475d90c but
everything i seem to be trying doesn't work.


What exactly did you do?


I'm assuming this entry needs to be cleared up before i can
successfully setup dir2 again as a replica.


No, not necessarily.



Any help would be greatly appreciated.

Thanks!


[root@dir1 ~]# ldapsearch -x -D "cn=directory manager" -W -b
"dc=somewhere,dc=example,dc=something,dc=com" "nsds5ReplConflict=*" \*
nsds5ReplConflict
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=somewhere,dc=example,dc=something,dc=com> with scope subtree
# filter: nsds5ReplConflict=*
# requesting: * nsds5ReplConflict
#

# dir2.somewhere.example.something.com +
7475d90c-f34911e4-99a0ab24-58022cdf, masters
   , ipa, etc, somewhere.example.something.com
dn:
cn=dir2.somewhere.example.something.com+nsuniqueid=7475d90c-f34911e4-99a0ab24-5802

2cdf,cn=masters,cn=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com
nsds5ReplConflict: namingConflict
cn=dir2.somewhere.example.something.com,cn=masters,c
   n=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com
objectClass: top
objectClass: nsContainer
cn: dir2.somewhere.example.something.com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to