Hello, I have a FreeIPA setup in which some masters suffered from a few uncontrolled shutdowns and now there are replication conflicts (which prevent from setting the Domain Level to 1).
I was trying to follow the instructions here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/ipa-replica-manage.html But unfortunately I'm not getting anywhere. This the result of an ldapsearch for replication conflicts: > [root@moscovium ~]# ldapsearch -x -D "cn=directory manager" -W -b > "dc=ipa,dc=rdmedia,dc=com" "nsds5ReplConflict=*" \* nsds5ReplConflict > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base <dc=ipa,dc=rdmedia,dc=com> with scope subtree > # filter: nsds5ReplConflict=* > # requesting: * nsds5ReplConflict > # > # servers + 334bfc53-cdae11e6-8a85a70a-bda98fae, dns, ipa.rdmedia.com > dn: > cn=servers+nsuniqueid=334bfc53-cdae11e6-8a85a70a-bda98fae,cn=dns,dc=ipa,dc > =rdmedia,dc=com > objectClass: nsContainer > objectClass: top > cn: servers > nsds5ReplConflict: namingConflict > cn=servers,cn=dns,dc=ipa,dc=rdmedia,dc=com > # System: Add CA + 334bfbe5-cdae11e6-8a85a70a-bda98fae, permissions, pbac, > ipa. > rdmedia.com > dn: cn=System: Add > CA+nsuniqueid=334bfbe5-cdae11e6-8a85a70a-bda98fae,cn=permis > sions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=ipaca) > ipaPermRight: add > ipaPermBindRuleType: permission > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Add CA > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > member: cn=CA Administrator,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermLocation: cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: add > ca,cn=permissions,cn=pbac,dc= > ipa,dc=rdmedia,dc=com # System: Delete CA + 334bfbe9-cdae11e6-8a85a70a-bda98fae, permissions, > pbac, i > pa.rdmedia.com > dn: cn=System: Delete > CA+nsuniqueid=334bfbe9-cdae11e6-8a85a70a-bda98fae,cn=per > missions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=ipaca) > ipaPermRight: delete > ipaPermBindRuleType: permission > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Delete CA > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > member: cn=CA Administrator,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermLocation: cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: delete > ca,cn=permissions,cn=pbac, > dc=ipa,dc=rdmedia,dc=com > # System: Modify CA + 334bfbed-cdae11e6-8a85a70a-bda98fae, permissions, > pbac, i > pa.rdmedia.com > dn: cn=System: Modify > CA+nsuniqueid=334bfbed-cdae11e6-8a85a70a-bda98fae,cn=per > missions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=ipaca) > ipaPermRight: write > ipaPermBindRuleType: permission > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Modify CA > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > member: cn=CA Administrator,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermDefaultAttr: description > ipaPermDefaultAttr: cn > ipaPermLocation: cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: modify > ca,cn=permissions,cn=pbac, > dc=ipa,dc=rdmedia,dc=com > # System: Read CAs + 334bfbf1-cdae11e6-8a85a70a-bda98fae, permissions, > pbac, ip > a.rdmedia.com > dn: cn=System: Read > CAs+nsuniqueid=334bfbf1-cdae11e6-8a85a70a-bda98fae,cn=perm > issions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=ipaca) > ipaPermRight: read > ipaPermRight: compare > ipaPermRight: search > ipaPermBindRuleType: all > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Read CAs > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > ipaPermDefaultAttr: description > ipaPermDefaultAttr: ipacaissuerdn > ipaPermDefaultAttr: objectclass > ipaPermDefaultAttr: ipacasubjectdn > ipaPermDefaultAttr: ipacaid > ipaPermDefaultAttr: cn > ipaPermLocation: cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: read > cas,cn=permissions,cn=pbac,d > c=ipa,dc=rdmedia,dc=com > # System: Modify DNS Servers Configuration + > 334bfbf6-cdae11e6-8a85a70a-bda98fa > e, permissions, pbac, ipa.rdmedia.com > dn: cn=System: Modify DNS Servers > Configuration+nsuniqueid=334bfbf6-cdae11e6-8 > a85a70a-bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=idnsServerConfigObject) > ipaPermRight: write > ipaPermBindRuleType: permission > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Modify DNS Servers Configuration > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > member: cn=DNS > Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermDefaultAttr: idnssoamname > ipaPermDefaultAttr: idnssubstitutionvariable > ipaPermDefaultAttr: idnsforwardpolicy > ipaPermDefaultAttr: idnsforwarders > ipaPermLocation: dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: modify dns servers > configuration, > cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > # System: Read DNS Servers Configuration + > 334bfbfa-cdae11e6-8a85a70a-bda98fae, > permissions, pbac, ipa.rdmedia.com > dn: cn=System: Read DNS Servers > Configuration+nsuniqueid=334bfbfa-cdae11e6-8a8 > 5a70a-bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=idnsServerConfigObject) > ipaPermRight: read > ipaPermRight: compare > ipaPermRight: search > ipaPermBindRuleType: permission > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Read DNS Servers Configuration > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > member: cn=DNS > Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > member: cn=DNS Servers,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermDefaultAttr: idnsforwardpolicy > ipaPermDefaultAttr: objectclass > ipaPermDefaultAttr: idnsforwarders > ipaPermDefaultAttr: idnsserverid > ipaPermDefaultAttr: idnssubstitutionvariable > ipaPermDefaultAttr: idnssoamname > ipaPermLocation: dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: read dns servers > configuration,cn > =permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > # System: Manage Host Principals + 334bfc0b-cdae11e6-8a85a70a-bda98fae, > permiss > ions, pbac, ipa.rdmedia.com > dn: cn=System: Manage Host > Principals+nsuniqueid=334bfc0b-cdae11e6-8a85a70a-bd > a98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=ipahost) > ipaPermRight: write > ipaPermBindRuleType: permission > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Manage Host Principals > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > member: cn=Host > Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermDefaultAttr: krbprincipalname > ipaPermDefaultAttr: krbcanonicalname > ipaPermLocation: cn=computers,cn=accounts,dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: manage host > principals,cn=permiss > ions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > # System: Add IPA Locations + 334bfc20-cdae11e6-8a85a70a-bda98fae, > permissions, > pbac, ipa.rdmedia.com > dn: cn=System: Add IPA > Locations+nsuniqueid=334bfc20-cdae11e6-8a85a70a-bda98fa > e,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=ipaLocationObject) > ipaPermRight: add > ipaPermBindRuleType: permission > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Add IPA Locations > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > member: cn=DNS > Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermLocation: cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: add ipa > locations,cn=permissions, > cn=pbac,dc=ipa,dc=rdmedia,dc=com > # System: Modify IPA Locations + 334bfc24-cdae11e6-8a85a70a-bda98fae, > permissio > ns, pbac, ipa.rdmedia.com > dn: cn=System: Modify IPA > Locations+nsuniqueid=334bfc24-cdae11e6-8a85a70a-bda9 > 8fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=ipaLocationObject) > ipaPermRight: write > ipaPermBindRuleType: permission > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Modify IPA Locations > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > member: cn=DNS > Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermDefaultAttr: description > ipaPermLocation: cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: modify ipa > locations,cn=permissio > ns,cn=pbac,dc=ipa,dc=rdmedia,dc=com > # System: Read IPA Locations + 334bfc28-cdae11e6-8a85a70a-bda98fae, > permissions > , pbac, ipa.rdmedia.com > dn: cn=System: Read IPA > Locations+nsuniqueid=334bfc28-cdae11e6-8a85a70a-bda98f > ae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=ipaLocationObject) > ipaPermRight: read > ipaPermRight: compare > ipaPermRight: search > ipaPermBindRuleType: permission > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Read IPA Locations > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > member: cn=DNS > Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermDefaultAttr: objectclass > ipaPermDefaultAttr: description > ipaPermDefaultAttr: idnsname > ipaPermLocation: cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: read ipa > locations,cn=permissions > ,cn=pbac,dc=ipa,dc=rdmedia,dc=com > # System: Remove IPA Locations + 334bfc2c-cdae11e6-8a85a70a-bda98fae, > permissio > ns, pbac, ipa.rdmedia.com > dn: cn=System: Remove IPA > Locations+nsuniqueid=334bfc2c-cdae11e6-8a85a70a-bda9 > 8fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=ipaLocationObject) > ipaPermRight: delete > ipaPermBindRuleType: permission > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Remove IPA Locations > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > member: cn=DNS > Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermLocation: cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: remove ipa > locations,cn=permissio > ns,cn=pbac,dc=ipa,dc=rdmedia,dc=com > # System: Read Locations of IPA Servers + > 334bfc30-cdae11e6-8a85a70a-bda98fae, > permissions, pbac, ipa.rdmedia.com > dn: cn=System: Read Locations of IPA > Servers+nsuniqueid=334bfc30-cdae11e6-8a85 > a70a-bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=ipaConfigObject) > ipaPermRight: read > ipaPermRight: compare > ipaPermRight: search > ipaPermBindRuleType: permission > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Read Locations of IPA Servers > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > member: cn=DNS > Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermDefaultAttr: objectclass > ipaPermDefaultAttr: ipaserviceweight > ipaPermDefaultAttr: ipalocation > ipaPermDefaultAttr: cn > ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: read locations of ipa > servers,cn= > permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > # System: Read Status of Services on IPA Servers + > 334bfc34-cdae11e6-8a85a70a-b > da98fae, permissions, pbac, ipa.rdmedia.com > dn: cn=System: Read Status of Services on IPA > Servers+nsuniqueid=334bfc34-cdae > 11e6-8a85a70a-bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=ipaConfigObject) > ipaPermRight: read > ipaPermRight: compare > ipaPermRight: search > ipaPermBindRuleType: permission > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Read Status of Services on IPA Servers > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > member: cn=DNS > Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermDefaultAttr: objectclass > ipaPermDefaultAttr: ipaconfigstring > ipaPermDefaultAttr: cn > ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: read status of services on > ipa se > rvers,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > # System: Manage Service Principals + 334bfc38-cdae11e6-8a85a70a-bda98fae, > perm > issions, pbac, ipa.rdmedia.com > dn: cn=System: Manage Service > Principals+nsuniqueid=334bfc38-cdae11e6-8a85a70a > -bda98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=ipaservice) > ipaPermRight: write > ipaPermBindRuleType: permission > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Manage Service Principals > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > member: cn=Service > Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=c > om > ipaPermDefaultAttr: krbprincipalname > ipaPermDefaultAttr: krbcanonicalname > ipaPermLocation: cn=services,cn=accounts,dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: manage service > principals,cn=perm > issions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > # System: Manage User Principals + 334bfc45-cdae11e6-8a85a70a-bda98fae, > permiss > ions, pbac, ipa.rdmedia.com > dn: cn=System: Manage User > Principals+nsuniqueid=334bfc45-cdae11e6-8a85a70a-bd > a98fae,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > ipaPermTargetFilter: (objectclass=posixaccount) > ipaPermRight: write > ipaPermBindRuleType: permission > ipaPermissionType: V2 > ipaPermissionType: MANAGED > ipaPermissionType: SYSTEM > cn: System: Manage User Principals > objectClass: ipapermission > objectClass: top > objectClass: groupofnames > objectClass: ipapermissionv2 > member: cn=User > Administrators,cn=privileges,cn=pbac,dc=ipa,dc=rdmedia,dc=com > member: cn=Modify Users and Reset > passwords,cn=privileges,cn=pbac,dc=ipa,dc=rd > media,dc=com > ipaPermDefaultAttr: krbprincipalname > ipaPermDefaultAttr: krbcanonicalname > ipaPermLocation: cn=users,cn=accounts,dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict cn=system: manage user > principals,cn=permiss > ions,cn=pbac,dc=ipa,dc=rdmedia,dc=com > # locations + 334bfba2-cdae11e6-8a85a70a-bda98fae, etc, ipa.rdmedia.com > dn: > cn=locations+nsuniqueid=334bfba2-cdae11e6-8a85a70a-bda98fae,cn=etc,dc=ipa, > dc=rdmedia,dc=com > objectClass: nsContainer > objectClass: top > cn: locations > nsds5ReplConflict: namingConflict > cn=locations,cn=etc,dc=ipa,dc=rdmedia,dc=com > aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl > "permi > ssion:System: Add IPA Locations";allow (add) groupdn = > "ldap:///cn=System: Ad > d IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com";) > aci: (targetattr = "description")(targetfilter = > "(objectclass=ipaLocationObje > ct)")(version 3.0;acl "permission:System: Modify IPA Locations";allow > (write) > groupdn = "ldap:///cn=System: Modify IPA > Locations,cn=permissions,cn=pbac,dc > =ipa,dc=rdmedia,dc=com";) > aci: (targetattr = "createtimestamp || description || entryusn || idnsname > || > modifytimestamp || objectclass")(targetfilter = > "(objectclass=ipaLocationObje > ct)")(version 3.0;acl "permission:System: Read IPA Locations";allow > (compare, > read,search) groupdn = "ldap:///cn=System: Read IPA > Locations,cn=permissions, > cn=pbac,dc=ipa,dc=rdmedia,dc=com";) > aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl > "permi > ssion:System: Remove IPA Locations";allow (delete) groupdn = > "ldap:///cn=Syst > em: Remove IPA > Locations,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com";) > # neon.ipa.rdmedia.com + 1b780d06-017611e6-966aeb96-de53d9d8, computers, > accoun > ts, ipa.rdmedia.com > dn: fqdn=neon.ipa.rdmedia.com > +nsuniqueid=1b780d06-017611e6-966aeb96-de53d9d8,c > n=computers,cn=accounts,dc=ipa,dc=rdmedia,dc=com > krbExtraData:: > AAJIQA5XaG9zdC9uZW9uLmlwYS5yZG1lZGlhLmNvbUBJUEEuUkRNRURJQS5DT00 > A > enrolledBy: uid=admin,cn=users,cn=accounts,dc=ipa,dc=rdmedia,dc=com > krbLastPwdChange: 20160413124912Z > krbPrincipalKey:: > MIIBKKADAgEBoQMCAQGiAwIBAaMDAgEBpIIBEDCCAQwwS6FJMEegAwIBEqFA > > BD4gAPd2yVptQC/d3mk7xdb3skL+KkkUzewAxCF0FJgXXuBVt1y2GHtnhzILNe91amjovgXAFEujn > > 8x6YrwHXDA7oTkwN6ADAgERoTAELhAAPbI3gwakFyt9EnCqDLWst6FeXKO0Fwvx3+gZZOGmYQpr0Z > > ujLLtmJuJVmS8wQ6FBMD+gAwIBEKE4BDYYABMJXEKVH2Yn4nGzJ5woqDjO2dVUx8nQ+1NSi6dREwy > > 8T+7VrbdVOpaQgkUx4czwkhxKvVcwO6E5MDegAwIBF6EwBC4QABWhTKkWc50oJlpSw/FK2yhl+ZUo > MZt0XHA/xdPXDD3DxGV5cx2MgvJEhJzs > cn: neon.ipa.rdmedia.com > objectClass: ipaobject > objectClass: ieee802device > objectClass: nshost > objectClass: ipaservice > objectClass: pkiuser > objectClass: ipahost > objectClass: krbprincipal > objectClass: krbprincipalaux > objectClass: ipasshhost > objectClass: top > objectClass: ipaSshGroupOfPubKeys > fqdn: neon.ipa.rdmedia.com > managedBy: fqdn=neon.ipa.rdmedia.com > ,cn=computers,cn=accounts,dc=ipa,dc=rdmedi > a,dc=com > krbPrincipalName: host/[email protected] > serverHostName: neon > ipaUniqueID: 1eaa355c-0176-11e6-8dd5-001a4aa7101c > krbPwdPolicyReference: cn=Default Host Password > Policy,cn=computers,cn=account > s,dc=ipa,dc=rdmedia,dc=com > nsds5ReplConflict: namingConflict fqdn=neon.ipa.rdmedia.com > ,cn=computers,cn=ac > counts,dc=ipa,dc=rdmedia,dc=com > # cas + 334bfba8-cdae11e6-8a85a70a-bda98fae, ca, ipa.rdmedia.com > dn: > cn=cas+nsuniqueid=334bfba8-cdae11e6-8a85a70a-bda98fae,cn=ca,dc=ipa,dc=rdme > dia,dc=com > objectClass: nsContainer > objectClass: top > cn: cas > nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com > aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl > "permission:System > : Add CA";allow (add) groupdn = "ldap:///cn=System: Add > CA,cn=permissions,cn= > pbac,dc=ipa,dc=rdmedia,dc=com";) > aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl > "permission:System > : Delete CA";allow (delete) groupdn = "ldap:///cn=System: Delete > CA,cn=permis > sions,cn=pbac,dc=ipa,dc=rdmedia,dc=com";) > aci: (targetattr = "cn || description")(targetfilter = > "(objectclass=ipaca)")( > version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = > "ldap: > ///cn=System: Modify CA,cn=permissions,cn=pbac,dc=ipa,dc=rdmedia,dc=com";) > aci: (targetattr = "cn || createtimestamp || description || entryusn || > ipacai > d || ipacaissuerdn || ipacasubjectdn || modifytimestamp || > objectclass")(targ > etfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: > Read CA > s";allow (compare,read,search) userdn = "ldap:///all";;) > # custodia + 334bfbdb-cdae11e6-8a85a70a-bda98fae, ipa, etc, > ipa.rdmedia.com > dn: > cn=custodia+nsuniqueid=334bfbdb-cdae11e6-8a85a70a-bda98fae,cn=ipa,cn=etc,d > c=ipa,dc=rdmedia,dc=com > objectClass: nsContainer > objectClass: top > cn: custodia > nsds5ReplConflict: namingConflict > cn=custodia,cn=ipa,cn=etc,dc=ipa,dc=rdmedia, > dc=com > # domain + 334bfb9e-cdae11e6-8a85a70a-bda98fae, topology, ipa, etc, > ipa.rdmedia > .com > dn: > cn=domain+nsuniqueid=334bfb9e-cdae11e6-8a85a70a-bda98fae,cn=topology,cn=ip > a,cn=etc,dc=ipa,dc=rdmedia,dc=com > nsds5ReplicaStripAttrs: modifiersName modifyTimestamp > internalModifiersName in > ternalModifyTimestamp > ipaReplTopoConfRoot: dc=ipa,dc=rdmedia,dc=com > objectClass: top > objectClass: iparepltopoconf > nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn > krblasts > uccessfulauth krblastfailedauth krbloginfailedcount > nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof > idnssoaserial > entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount > cn: domain > nsds5ReplConflict: namingConflict > cn=domain,cn=topology,cn=ipa,cn=etc,dc=ipa,d > c=rdmedia,dc=com > # ca + 334bfbe0-cdae11e6-8a85a70a-bda98fae, topology, ipa, etc, > ipa.rdmedia.com > dn: > cn=ca+nsuniqueid=334bfbe0-cdae11e6-8a85a70a-bda98fae,cn=topology,cn=ipa,cn > =etc,dc=ipa,dc=rdmedia,dc=com > objectClass: top > objectClass: iparepltopoconf > cn: ca > ipaReplTopoConfRoot: o=ipaca > nsds5ReplConflict: namingConflict > cn=ca,cn=topology,cn=ipa,cn=etc,dc=ipa,dc=rd > media,dc=com > # dogtag + 334bfbdd-cdae11e6-8a85a70a-bda98fae, custodia + > 334bfbdb-cdae11e6-8a > 85a70a-bda98fae, ipa, etc, ipa.rdmedia.com > dn: > cn=dogtag+nsuniqueid=334bfbdd-cdae11e6-8a85a70a-bda98fae,cn=custodia+nsuni > > queid=334bfbdb-cdae11e6-8a85a70a-bda98fae,cn=ipa,cn=etc,dc=ipa,dc=rdmedia,dc= > com > objectClass: nsContainer > objectClass: top > cn: dogtag > nsds5ReplConflict: namingConflict > cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=ipa,d > c=rdmedia,dc=com > # lawrencium + 6c7e3d83-c11711e6-8a85a70a-bda98fae, ipa.rdmedia.com., > dns, ipa. > rdmedia.com > dn: > idnsName=lawrencium+nsuniqueid=6c7e3d83-c11711e6-8a85a70a-bda98fae,idnsnam > e=ipa.rdmedia.com.,cn=dns,dc=ipa,dc=rdmedia,dc=com > aRecord: 192.168.50.55 > dNSTTL: 1200 > objectClass: idnsRecord > objectClass: top > idnsName: lawrencium > nsds5ReplConflict: namingConflict idnsname=lawrencium,idnsname= > ipa.rdmedia.com > .,cn=dns,dc=ipa,dc=rdmedia,dc=com > # mendelevium + e5710f85-c5c511e6-8a85a70a-bda98fae, ipa.rdmedia.com., > dns, ipa > .rdmedia.com > dn: > idnsName=mendelevium+nsuniqueid=e5710f85-c5c511e6-8a85a70a-bda98fae,idnsna > me=ipa.rdmedia.com.,cn=dns,dc=ipa,dc=rdmedia,dc=com > aRecord: 192.168.50.52 > dNSTTL: 1200 > objectClass: idnsRecord > objectClass: top > idnsName: mendelevium > nsds5ReplConflict: namingConflict idnsname=mendelevium,idnsname= > ipa.rdmedia.co > m.,cn=dns,dc=ipa,dc=rdmedia,dc=com > # 41 + e764de07-5e2f11e6-bd76eb96-de53d9d8, 120.100.10.in-addr.arpa., dns, > ipa. > rdmedia.com > dn: > idnsname=41+nsuniqueid=e764de07-5e2f11e6-bd76eb96-de53d9d8,idnsname=120.10 > 0.10.in-addr.arpa.,cn=dns,dc=ipa,dc=rdmedia,dc=com > objectClass: top > objectClass: idnsrecord > pTRRecord: arsenica.ipa.rdmedia.com. > idnsName: 41 > nsds5ReplConflict: namingConflict > idnsname=41,idnsname=120.100.10.in-addr.arpa > .,cn=dns,dc=ipa,dc=rdmedia,dc=com > # ipa + 58d90aec-cdae11e6-8a85a70a-bda98fae, cas + > 334bfba8-cdae11e6-8a85a70a-b > da98fae, ca, ipa.rdmedia.com > dn: > cn=ipa+nsuniqueid=58d90aec-cdae11e6-8a85a70a-bda98fae,cn=cas+nsuniqueid=33 > 4bfba8-cdae11e6-8a85a70a-bda98fae,cn=ca,dc=ipa,dc=rdmedia,dc=com > description: IPA CA > ipaCaIssuerDN: CN=Certificate Authority,O=IPA.RDMEDIA.COM > objectClass: top > objectClass: ipaca > ipaCaSubjectDN: CN=Certificate Authority,O=IPA.RDMEDIA.COM > ipaCaId: 21547c03-13c3-4f4f-992b-b0257012d1c1 > cn: ipa > nsds5ReplConflict: namingConflict > cn=ipa,cn=cas,cn=ca,dc=ipa,dc=rdmedia,dc=com > # search result > search: 2 > result: 0 Success > # numResponses: 28 > # numEntries: 27 So when I try eg. this... [root@moscovium ~]# ldapmodify -x -D "cn=directory manager" -W -h > moscovium.ipa.rdmedia.com -p 389 > Enter LDAP Password: > dn: fqdn=neon.ipa.rdmedia.com > +nsuniqueid=1b780d06-017611e6-966aeb96-de53d9d8,c > n=computers,cn=accounts,dc=ipa,dc=rdmedia,dc=com > changetype: modrdn > newrdn fqdn=neontemp.ipa.rdmedia.com > deleteoldrdn: 0 ...I get: ldapmodify: invalid format (line 3) entry: "fqdn=neon.ipa.rdmedia.com > +nsuniqueid=1b780d06-017611e6-966aeb96-de53d9d8,cn=computers,cn=accounts,dc=ipa,dc=rdmedia,dc=com" So my question: what can I do to resolve the conflicts? -- Tiemen Ruiten Systems Engineer R&D Media
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
