This pretty much describes my issue: 

ipa-server.x86_64 3.0.0-50.el6.centos.3

But it’s a little more complicated than that.

My goal at this point is just to get to one master with no replication, no 
remnants of replication, no dangling this or that in either the the main LDAP 
or the CA instance.

But, I think I’ve hosed it up pretty good, all things replication that is.

So there is only one live server now, 

But in going through the steps in that article I noticed something strange.

Notice the ReplicaBindDN principalname in the first command, that server no 
longer exists
And notice the the ID, 40. Then look at the output from the next command.

ID 40 is actually sso-109, am I reading that right?? 

and of course CLEANRUV40 gives "error 53 unwilling to perform” - which is 
expected ?? I think, maybe I don’t know :(

So uh, how do I un-F… myself here?

Can I like manually delete that replication instance 40?

If I’m saying, I just want one master, no replicas (will of course create a 
replica once I’m sure my one master is squared away), should I be able to get 
the db to a state with no nsDS5Replica entries?

[root@sso-109:(NYM) slapd-PKI-IPA]$ ldapsearch -xLLL -D "cn=directory manager" 
-W -s sub -b cn=config objectclass=nsds5replica
Enter LDAP Password:
dn: cn=replica,cn=dc\3Dplaceiq\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: replica
nsDS5Flags: 1
objectClass: top
objectClass: nsds5replica
objectClass: extensibleobject
nsDS5ReplicaType: 3
nsDS5ReplicaRoot: dc=placeiq,dc=net
nsds5ReplicaLegacyConsumer: off
nsDS5ReplicaId: 40
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN: krbprincipalname=ldap/
nsDS5ReplicaName: 889b4308-86c311e6-95188dad-28da3cc2
nsds5ReplicaChangeCount: 13615
nsds5replicareapactive: 0

[root@sso-109:(NYM) slapd-PKI-IPA]$ ldapsearch -xLLL -D "cn=directory manager" 
-W -b dc=placeiq,dc=net \
> '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))'
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root@sso-109:(NYM) slapd-PKI-IPA]$ ldapsearch -xLLL -D "cn=directory manager" 
-W -b dc=placeiq,dc=net  
Enter LDAP Password:
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=placeiq,dc=net
objectClass: top
objectClass: nsTombstone
objectClass: extensibleobject
nsds50ruv: {replicageneration} 52b07d23000000040000
nsds50ruv: {replica 40 ldap://} 57ede5500007002800
 00 58642aad000100280000
dc: placeiq
nsruvReplicaLastModified: {replica 40 ldap://} 586

 <> <> <>  
Jim Richard      <> <> 
<>       <> 
<>   <> 
(646) 338-8905  


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to