Petr Vobornik wrote:
On 09/21/2016 11:25 PM, pgb205 wrote:
topology prior to deletion


master2 deleted with ipa-server --uninstall command

During re-installation I get error that the replication agreement still exists
on master1.
I do see this using ipa-replica-manage list.

Tried deleting replication agreement with
ipa-replica-manage disconnect but receive 'no such replication agreement exist'

Force deletion and cleanup do not work
receive unexpected error: Server is unwilling to perform: database is read-only

removing directly from ldap gives me:
   ldapdelete -r -x -D "cn=Directory Manager" -W
Enter LDAP Password:
ldap_delete: Server is unwilling to perform (53)
ldap_delete: Server is unwilling to perform (53)
          additional info: database is read-only

But I am not sure if I'm not using correct path or if it's something else.

Might be related to Bug 826677 – IPA cannot remove disconnected replica data to
reconnect <>


     Bug 826677 – IPA cannot remove disconnected replica data to reconnect



run on master1:
  ipa-csreplica-manage del master2 --force --clean
  ipa-replica-manage del master2 --force --clean

In that order. First step only if master2 was installed with CA.

Those command should clean left-over data from master2.

In standard situation, recommended uninstallation procedure for IPAs
prior FreeIPA 4.4 is:
   master1# ipa-csreplica-manage del master2
   master1# ipa-replica-manage del master2
   master2# ipa-server-install --uninstall

Ultimately the problem is that the database is set to read only.

$ ldapsearch -x -D 'cn=directory manager' -W -s base -b 'cn=userRoot, cn=ldbm database, cn=plugins, cn=config' nsslapd-readonly


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to