Dear all,

First of all, thanks to mbasti for helping out so far.

We have a 3-node master cluster (--setup-ca) on 4.1 and set up a 4th using 4.2.0 
as we want to migrate there.

First, we had some orphan entries in ipa-replica-manage list. We removed those 
by manually removing the LDAP node + children in cn=etc,cn=ipa,cn=masters.
Then, we saw that there is still an orphan entry here:

ldapsearch -xLLL -D "cn=directory manager" -W -b dc=uni,dc=lu 

In particular, there is one ghost entry for nsDS5ReplicaBindDN

These are the details of ldapsearch -x -D 'cn=directory manager' -W -b 
'cn=Replication Manager,ou=csusers,cn=config'

Enter LDAP Password:
# extended LDIF
# LDAPv3
# base <cn=Replication Manager,ou=csusers,cn=config> with scope 
# filter: (objectclass=*)
# requesting: ALL

# Replication Manager, csusers, config
dn: cn=Replication Manager,ou=csusers
objectClass: top
objectClass: person
cn: Replication Manager
sn: manager
userPassword:: **REMOVED**

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

In addition, in the slapd error log, I periodically (every 5 mins) see the 
following errors:

[04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace (nsslapd-referral, 
ldap:// failed.
[04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace (nsslapd-referral, 
ldap:// failed.
[04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace (nsslapd-referral, 
ldap:// failed.

Could anybody help me to clean up the orphaned master replica (that is dead) 
and also tell if these attr_replace errors are related?

Thank you for your help in this,

Kind regards,
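
A read-only cross-check for the kind of leftover described in this message, as an added example that is not part of the original post: it parses saved ldapsearch output and lists nsDS5ReplicaBindDN values whose host has no entry under cn=masters. The DN layouts in the two regular expressions and every host name in the sample data are assumptions (constructed for illustration), not values from this deployment.

```python
import base64
import re

# Assumed FreeIPA layout: masters live under cn=masters,cn=ipa,cn=etc,<suffix>
# and replication bind DNs are the ldap/<host>@REALM service principals.
MASTER_DN = re.compile(r"^cn=([^,]+),cn=masters,cn=ipa,cn=etc,", re.I)
PRINCIPAL_HOST = re.compile(r"^krbprincipalname=ldap/([^@,]+)@", re.I)

def ldif_attrs(text):
    """Yield (attribute, value) pairs from ldapsearch LDIF output."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # unfold a continuation line
        else:
            logical.append(raw)
    for line in logical:
        if line.startswith("#") or ":" not in line:
            continue                        # comment, blank or separator
        name, _, rest = line.partition(":")
        if rest.startswith(":"):            # 'attr:: ...' is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        yield name.lower(), value

def ghost_bind_dns(replica_ldif, masters_ldif):
    """Return nsDS5ReplicaBindDN values whose host is not a listed master."""
    masters = {m.group(1).lower() for n, v in ldif_attrs(masters_ldif)
               if n == "dn" and (m := MASTER_DN.match(v))}
    # Bind DNs that are not service principals (e.g. a plain cn=...) are skipped.
    return [v for n, v in ldif_attrs(replica_ldif)
            if n == "nsds5replicabinddn" and (m := PRINCIPAL_HOST.match(v))
            and m.group(1).lower() not in masters]

# Constructed sample data (hypothetical hosts, not from the original post).
MASTERS_LDIF = """\
dn: cn=ipa1.example.test,cn=masters,cn=ipa,cn=etc,dc=example,dc=test
dn: cn=ipa4.example.test,cn=masters,cn=ipa,cn=etc,dc=example,dc=test
"""
REPLICA_LDIF = """\
dn: cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dtest,cn=mapping tree,cn=config
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN: krbprincipalname=ldap/ipa1.example.test@EXAMPLE.TEST,cn=s
 ervices,cn=accounts,dc=example,dc=test
nsDS5ReplicaBindDN: krbprincipalname=ldap/dead.example.test@EXAMPLE.TEST,cn=s
 ervices,cn=accounts,dc=example,dc=test
"""
```

Calling `ghost_bind_dns(REPLICA_LDIF, MASTERS_LDIF)` on the sample returns only the bind DN for `dead.example.test`; the script changes nothing in the directory.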

