On 07/04/2016 05:54 PM, Christophe TREFOIS wrote:
Dear all,
First of all, thanks to mbasti for helping out so far.
We have a 3-node master cluster (--setup-ca) on 4.1 and set up a 4th using 4.2.0
as we want to migrate there.
First, we had some orphan entries in ipa-replica-manage list. We removed those
by manually removing the LDAP node + children in cn=etc,cn=ipa,cn=masters.
Then, we saw that there is still an orphan entry here:
ldapsearch -xLLL -D "cn=directory manager" -W -b dc=uni,dc=lu
'(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
In particular, there is one ghost entry for nsDS5ReplicaBindDN.
These are the details of ldapsearch -x -D 'cn=directory manager' -W -b
'cn=Replication Manager
masterAgreement1-lums3.uni.lu-pki-tomcat,ou=csusers,cn=config'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=Replication Manager
masterAgreement1-lums3.uni.lu-pki-tomcat,ou=csusers,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat, csusers, config
dn: cn=Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat,ou=csusers
,cn=config
objectClass: top
objectClass: person
cn: Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat
sn: manager
userPassword:: **REMOVED**
=
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
In addition, in the slapd error log, I periodically (every 5 mins) see the
following errors:
[04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace (nsslapd-referral,
ldap://server1.uni.lu:389/o%3Dipaca) failed.
[04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace (nsslapd-referral,
ldap://server1.uni.lu:389/o%3Dipaca) failed.
[04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace (nsslapd-referral,
ldap://server1.uni.lu:389/o%3Dipaca) failed.
Could anybody help me to clean up the orphaned master replica (that is dead)
and also tell if these attr_replace errors are related?
Hello Christophe,
this is the result of not running `ipa-csreplica-manage del` prior to running
`ipa-replica-manage del` or `ipa-server-install --uninstall`.
The solution is described at:
https://www.freeipa.org/page/Troubleshooting#Obsolete_RUV_records
Thank you for your help in this,
Kind regards,
—
Christophe
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
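
An added example, not part of the original thread and not FreeIPA's own code: it parses the output of the tombstone ldapsearch shown above and lists the RUV elements that point at hosts no longer serving as masters, which are the obsolete records the reply refers to. The sample LDIF, hostnames, replica IDs and the list of live masters are constructed; the `nsds50ruv` value layout is the one 389 Directory Server prints.

```python
import re

# Constructed sample: folded LDIF in the shape the tombstone ldapsearch prints.
# Hostnames, replica IDs and CSNs are invented for illustration.
SAMPLE_LDIF = """\
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=example,dc=test
nsds50ruv: {replicageneration} 55c8a3c6000000600000
nsds50ruv: {replica 96 ldap://master1.example.test:389} 55c8a3d0000000600000 5
 77a6f2c000000600000
nsds50ruv: {replica 97 ldap://master2.example.test:389} 55c8a3d2000000610000 5
 77a6f30000000610000
nsds50ruv: {replica 91 ldap://retired.example.test:389} 55c8a4010000005b0000 5
 6f01aaa0000005b0000
nsds50ruv: {replica 86 ldap://retired.example.test:389}
"""

RUV_RE = re.compile(r"^nsds50ruv:\s*\{replica\s+(\d+)\s+ldaps?://([^:/}\s]+)(?::\d+)?\}"
                    r"\s*(\S+)?\s*(\S+)?", re.IGNORECASE)

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def parse_ruv(ldif):
    """Return one dict per RUV element: replica ID, host, newest CSN seen."""
    entries = []
    for line in unfold(ldif):
        m = RUV_RE.match(line)
        if m:
            rid, host, _min_csn, max_csn = m.groups()
            entries.append({"rid": int(rid), "host": host.lower(), "max_csn": max_csn})
    return entries

def stale_replicas(ldif, live_masters):
    """RUV elements whose host is not in the list of masters still in service."""
    live = {h.lower() for h in live_masters}
    return [e for e in parse_ruv(ldif) if e["host"] not in live]

if __name__ == "__main__":
    masters = ["master1.example.test", "master2.example.test"]  # assumed live set
    for e in stale_replicas(SAMPLE_LDIF, masters):
        print(f"obsolete RUV: replica id {e['rid']} host {e['host']} max CSN {e['max_csn']}")
```

An element with no CSNs at all, like replica 86 in the sample, is reported with a max CSN of `None`; it is still a leftover for a host that is gone.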