This pretty much describes my issue: https://access.redhat.com/solutions/136993
ipa-server.x86_64 3.0.0-50.el6.centos.3

But it’s a little more complicated than that. My goal at this point is just to get to one master with no replication, no remnants of replication, no dangling this or that in either the main LDAP or the CA instance. But I think I’ve hosed it up pretty good, all things replication that is.

So there is only one live server now, sso-109.nym1.placeiq.net

But in going through the steps in that article I noticed something strange. Notice the ReplicaBindDN principalname in the first command; that server no longer exists. And notice the ID, 40. Then look at the output from the next command. ID 40 is actually sso-109, am I reading that right?? And of course CLEANRUV40 gives “error 53 unwilling to perform” - which is expected ?? I think, maybe, I don’t know :(

So uh, how do I un-F… myself here? Can I like manually delete that replication instance 40? If I’m saying I just want one master, no replicas (will of course create a replica once I’m sure my one master is squared away), should I be able to get the db to a state with no nsDS5Replica entries?

[root@sso-109:(NYM) slapd-PKI-IPA]$ ldapsearch -xLLL -D "cn=directory manager" -W -s sub -b cn=config objectclass=nsds5replica
Enter LDAP Password:
dn: cn=replica,cn=dc\3Dplaceiq\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: replica
nsDS5Flags: 1
objectClass: top
objectClass: nsds5replica
objectClass: extensibleobject
nsDS5ReplicaType: 3
nsDS5ReplicaRoot: dc=placeiq,dc=net
nsds5ReplicaLegacyConsumer: off
nsDS5ReplicaId: 40
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN: krbprincipalname=ldap/[email protected]
 ,cn=services,cn=accounts,dc=placeiq,dc=net
nsState:: KAAAAAAAAADkKWRYAAAAAAAAAAAAAAAADwAAAAAAAAASAAAAAAAAAA==
nsDS5ReplicaName: 889b4308-86c311e6-95188dad-28da3cc2
nsds5ReplicaChangeCount: 13615
nsds5replicareapactive: 0

[root@sso-109:(NYM) slapd-PKI-IPA]$ ldapsearch -xLLL -D "cn=directory manager" -W -b dc=placeiq,dc=net \
> > '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

[root@sso-109:(NYM) slapd-PKI-IPA]$ ldapsearch -xLLL -D "cn=directory manager" -W -b dc=placeiq,dc=net '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
Enter LDAP Password:
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=placeiq,dc=net
objectClass: top
objectClass: nsTombstone
objectClass: extensibleobject
nsds50ruv: {replicageneration} 52b07d23000000040000
nsds50ruv: {replica 40 ldap://sso-109.nym1.placeiq.net:389} 57ede5500007002800
 00 58642aad000100280000
dc: placeiq
nsruvReplicaLastModified: {replica 40 ldap://sso-109.nym1.placeiq.net:389} 586
 42a9e

Jim Richard
SYSTEM ADMINISTRATOR III
(646) 338-8905
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
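
Added example (not part of the original message, and not FreeIPA or 389-ds code): a Python script that unfolds LDIF output in the shape of the two ldapsearch results above and lists each RUV element next to the server's own nsDS5ReplicaId, so it is clear which element is the server's own entry. The sample LDIF, its hostnames and CSNs, the extra replica 41, and the function names `unfold`, `attrs` and `ruv_report` are all constructed for illustration.

```python
import re

# Constructed sample LDIF (made-up suffix, hosts and CSNs); replica 41 is a
# hypothetical leftover element that the message above does not contain.
SAMPLE_REPLICA = """\
dn: cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dtest,cn=mapping tree,cn=config
nsDS5ReplicaId: 40
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN: krbprincipalname=ldap/ipa2.example.test@EXAMPLE.TEST
 ,cn=services,cn=accounts,dc=example,dc=test
"""
SAMPLE_RUV = """\
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=example,dc=test
nsds50ruv: {replicageneration} 52b07d23000000040000
nsds50ruv: {replica 40 ldap://ipa1.example.test:389} 57ede5500007002800
 00 58642aad000100280000
nsds50ruv: {replica 41 ldap://ipa2.example.test:389} 57ede600000000290000 57ee0000000000290000
"""

RUV_RE = re.compile(r"\{replica (\d+) (ldap\S*?)\}\s*(.*)")

def unfold(ldif):
    """Join LDIF folded lines: a line starting with one space continues the previous line."""
    return re.sub(r"\r?\n ", "", ldif).splitlines()

def attrs(ldif, name):
    """Return all values of attribute `name` (case-insensitive) from LDIF text."""
    prefix = name.lower() + ":"
    return [line.split(":", 1)[1].strip()
            for line in unfold(ldif) if line.lower().startswith(prefix)]

def ruv_report(replica_ldif, ruv_ldif):
    """Pair every RUV element with whether its ID is this server's own replica ID."""
    local_id = int(attrs(replica_ldif, "nsDS5ReplicaId")[0])
    report = []
    for value in attrs(ruv_ldif, "nsds50ruv"):
        m = RUV_RE.match(value)
        if not m:  # the {replicageneration} element carries no replica ID
            continue
        csns = m.group(3).split()
        report.append({"rid": int(m.group(1)), "url": m.group(2),
                       "max_csn": csns[-1] if csns else None,
                       "local": int(m.group(1)) == local_id})
    return local_id, report

if __name__ == "__main__":
    local_id, report = ruv_report(SAMPLE_REPLICA, SAMPLE_RUV)
    print("bind DNs:", attrs(SAMPLE_REPLICA, "nsDS5ReplicaBindDN"))
    for e in report:
        tag = "this server" if e["local"] else "other replica ID"
        print(f"replica {e['rid']} {e['url']} max CSN {e['max_csn']} ({tag})")
```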
