On 06/08/2015 01:19 PM, nat...@nathanpeters.com wrote:
==============
um WTF?  making it a one way only agreement invalidates the
lastinitstart
value?
==============
Looks like a bug.
Ok, this is a pretty serious bug if making it one way can knock it offline
permanently.  Where should I file this bug report?


https://fedorahosted.org/freeipa/newticket


ipa-replica-manage re-initialize?



That seemed to work.  I would have tried that already but the command does
not indicate that is a valid option.  Running ipa-replica-manage --help
does not even list re-initialize as a valid option.  See output below.

That looks like a bug too. However, the man page gives much more information, including the re-initialize command.


[root@dc1 slapd-IPADOMAIN-NET]# ipa-replica-manage re-initialize
Directory Manager password:

re-initialize requires the option --from <host name>
[root@dc1 slapd-IPADOMAIN-NET]# ipa-replica-manage --help
Usage: ipa-replica-manage [options]

Options:
   --version             show program's version number and exit
   -h, --help            show this help message and exit
   -H HOST, --host=HOST  starting host
   -p DIRMAN_PASSWD, --password=DIRMAN_PASSWD
                         Directory Manager password
   -v, --verbose         provide additional information
   -f, --force           ignore some types of errors
   -c, --cleanup         DANGER: clean up references to a ghost master
   --binddn=BINDDN       Bind DN to use with remote server
   --bindpw=BINDPW       Password for Bind DN to use with remote server
   --winsync             This is a Windows Sync Agreement
   --cacert=CACERT       Full path and filename of CA certificate to use with
                         TLS/SSL to the remote server
   --win-subtree=WIN_SUBTREE
                         DN of Windows subtree containing the users you
want to
                         sync (default cn=Users,<domain suffix)
   --passsync=PASSSYNC   Password for the IPA system user used by the Windows
                         PassSync plugin to synchronize passwords
   --from=FROMHOST       Host to get data from
   --no-lookup           do not perform DNS lookup checks
[root@dc1 slapd-IPADOMAIN-NET]# ipa-replica-manage re-initialize
--from=officedc2.office.addomain.net
Directory Manager password:

Update in progress, 30 seconds elapsed
Update succeeded

[root@dc1 slapd-IPADOMAIN-NET]# ldapsearch -xLLL -D "cn=directory manager"
-W -b cn=config objectclass=nsDSWindowsReplicationAgreement
Enter LDAP Password:
dn: cn=meToofficedc2.office.addomain.net,cn=replica,cn=dc\3Dipadomain
  \2Cdc\3Dnet,cn=mapping tree,cn=config
nsds7WindowsReplicaSubtree: OU=Staff,DC=office,DC=addomain,DC=net
nsds7DirectoryReplicaSubtree: cn=users,cn=accounts,dc=ipadomain,dc=net
cn: meToofficedc2.office.addomain.net
nsds7NewWinGroupSyncEnabled: false
objectClass: nsDSWindowsReplicationAgreement
objectClass: top
nsDS5ReplicaTransportInfo: TLS
description: me to officedc2.office.addomain.net
nsDS5ReplicaRoot: dc=ipadomain,dc=net
nsDS5ReplicaHost: officedc2.office.addomain.net
nsds5replicaTimeout: 120
nsDS5ReplicaBindDN: cn=freeipa syncuser,ou=Service
Account,dc=office,dc=addomain,dc=net
nsds7NewWinUserSyncEnabled: true
nsDS5ReplicaPort: 389
nsds7WindowsDomain: ipadomain.net
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof
idnssoaserial
   entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicaBindMethod: simple
nsDS5ReplicaCredentials:
{AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRVVHQ1NxR1NJYjNEUUVG
  RERBNEJDUmtOelUzTTJJNVlpMDBaV1EyTTJRMQ0KWXkwNU0yTm1aV05sTVMxbU5qRXpaak5oTlFBQ
  0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQ2k0N0NxRGZFd2JIdm
  I0MFVFZVI3MA==}gWI9NIB8lbt9tmNszzbBFCAe4Vs/e0sMyn5+NZPJg9E=
nsds7DirsyncCookie::
TVNEUwMAAAD1pLkYH6LQAQAAAAAAAAAAYAEAAO1GoQAAAAAAAAAAAAAAA
  ADtRqEAAAAAAMUjuImqVZhBkOkdt24C0IsBAAAAAAAAAA4AAAAAAAAAY4GwFkVcvEmMMExrVon4d6
  13PwAAAAAADGzFNzznrESIxHzA74fbs4W3MAAAAAAAOnFoO5OE2E27lR/g4EcjQTLbIwAAAAAAuEm
  PWjYok0qGS0HM/+TDmK7FgAMAAAAA6PTFXvAdnkaJSIkZT1lS+xRDIgAAAAAA4qTQaC46/Ua4KXgP
  /ixNcbjpVAAAAAAAWowbgYD1akibZ+sCul5C4eNmLQAAAAAAxSO4iapVmEGQ6R23bgLQi+9GoQAAA
  AAAogC6jFcyFUmhBp4B7FkaBbAvnQEAAAAAyhKMxsP0uUKGEnG2lsyA8eTUwgYAAAAA4n8Xx1bAlU
  mBUl3zhlZ9WBngDAAAAAAA71vM2ebFEkCJkBaLjB4CGU+4CQMAAAAAGfO+4ndZCkaVKnwZNlNsf90
  NDAAAAAAAgD6n+M2bcUGkOwo5gPLx7IOjAwAAAAAA
nsds50ruv: {replicageneration} 553fe9bb000000040000
nsds50ruv: {replica 4 ldap://dc1.ipadomain.net:389} 553fe9c9
  000000040000 5575e79e000000040000
nsds50ruv: {replica 3 ldap://dc2.ipadomain.net:389} 553fe9c
  4000000030000 557244db001700030000
nsruvReplicaLastModified: {replica 4 ldap://dc1.ipadomain.ne
  t:389} 5575e704
nsruvReplicaLastModified: {replica 3 ldap://dc2.ipadomain.n
  et:389} 00000000
oneWaySync: fromWindows
nsds5ReplicaEnabled: on
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20150608191201Z
nsds5replicaLastUpdateEnd: 20150608191201Z
nsds5replicaChangesSentSinceStartup:: NDo0My8wIA==
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental
upd
  ate succeeded
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 20150608191038Z
nsds5replicaLastInitEnd: 20150608191109Z
nsds5replicaLastInitStatus: 0 Total update succeeded



--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to