On 21.12.2016 12:08, Ludwig Krispenz wrote:

On 12/21/2016 05:11 AM, Ian Chen wrote:
hello list,

I tried to search for answer, but not solution come up yet. please help.

the setup with multiple nodes has IPA version:
ipa-server-4.1.0-18.el7.centos.4.x86_64


after adding a replication with an old node, replicaiton conflict occured.

---- node104
dn: nsuniqueid=5820a804-af9211e6-bbce8d9c-0794b841+uid=test2,cn=users,cn=acco
 unts,dc=...
uid: test2
nsds5ReplConflict: namingConflict uid=test2,cn=users,cn=accounts,dc=...
krbPrincipalName: test2@...
krbLastPwdChange: 20161220054653Z
krbPasswordExpiration: 20170320054653Z
ipaUniqueID: 606b2260-af92-11e6-a928-0050568faf9d


---- node203
dn: uid=test2,cn=users,cn=accounts,dc=...
uid: test2
krbPrincipalName: test2@...
krbLastPwdChange: 20161220054653Z
krbPasswordExpiration: 20170320054653Z
ipaUniqueID: 606b2260-af92-11e6-a928-0050568faf9d


I tried rename RDN following this
https://mkosek.fedorapeople.org/publican_site/en-US/FreeIPA/3.4/html/FreeIPA_Guide/ipa-replica-manage.html

hello,

guide ^ is deprecated, please use the https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html

For replication conflict is useful this guide https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html

Martin


but when trying to delete uid, then change RDN back to uid, there is this error

modifying entry "cn=TempValue,cn=users,cn=accounts,dc=..."
ldap_modify: Object class violation (65)
additional info: missing attribute "uid" required by object class "posixAccount"

I cannot delete object class posixAccount then add it back
I cannot see which commands you really tried to execute and failed, so could you provide the full log of what you did if you want to follow the steps in the IPA doc.

But I do not think that you need to go thru the MOD/MODRDN/... sequence if you do not want to keep both entries. If a conflict arises, one entry keeps the original dn, the other gets a dn with "nsuniquid=....+..." and the nsds5ReplConflict attribute. you can check the entries and inmost cases you just want to keep the "original" and just delete the conflict entry



--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander



-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to