Angus Clarke via FreeIPA-users wrote:
> Hi all
> 
> After decommissioning 2 IPA servers some time back (reduced from 8 to 6)
> I recently noticed that one of the decommissioned servers still appears
> when issuing commands like "ipa server-find." It only appears on 2 of
> the existing servers, not the other 4.
> 
> "ipa server-del" and "ipa-replica-manage del" both report "server not
> found" for the decomm'ed server entry, when issued on any of the 6 IPA
> servers.
> 
> So I suspect I have some stale LDAP entry left behind from the
> decommission process (I forget exactly what process I followed, it was
> over a year ago) and was thinking about deleting that entry from LDAP.
> 
> Not having much familiarity with LDAP, I found a post here from the
> venerable Rob which tells me how to find such entries (with a bit of
> fumbling with grep!) and indeed I see the entry on the 2 IPA servers but
> not the other 4.
> https://www.redhat.com/archives/freeipa-users/2015-December/msg00089.html
> 
> 
> [root@ipa6 ~]# ldapsearch -Y GSSAPI -b cn=computers,cn=accounts,dc=dom
> "krbprincipalkey=*" dn 2>/dev/null | grep ipa7.example.dom
> # ipa7.example.dom + 9554ab01-42e811e8-a6dce53f-3a18cb6e, computers, acc
> dn: fqdn=ipa7.example.dom+nsuniqueid=9554ab01-42e811e8-a6dce53f-3a18cb6

This is a replication conflict entry. You can use ldapdelete or
ldapmodify to remove it.

rob
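
An added example, not part of Rob's reply or any FreeIPA tooling: ldapsearch folds long LDIF lines, so a grep over its output can show only the first part of a conflict entry's DN. The sketch below unfolds the LDIF and prints the full DN of each entry whose first RDN contains "+nsuniqueid=", plus the ldapdelete command for review. The function names and the sample LDIF (hostnames, suffix, nsuniqueid) are constructed for illustration.

```shell
#!/bin/sh
# Constructed ldapsearch-style LDIF; the second DN is folded across two lines.
sample_ldif() {
cat <<'EOF'
dn: fqdn=ipa1.example.test,cn=computers,cn=accounts,dc=example,dc=test

dn: fqdn=old.example.test+nsuniqueid=11111111-22222222-33333333-44444444,cn=com
 puters,cn=accounts,dc=example,dc=test
EOF
}

# Join LDIF continuation lines (a line starting with one space continues the
# previous line). "ldapsearch -o ldif-wrap=no" avoids the folding at the source.
unfold_ldif() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
             { if (have) print buf; buf = $0; have = 1 }
        END  { if (have) print buf }
    '
}

# Print the full DN of every entry whose first RDN carries "+nsuniqueid=".
# Assumes no escaped commas in the first RDN; base64 "dn::" lines are skipped.
conflict_dns() {
    unfold_ldif | awk '
        /^dn: / {
            dn = substr($0, 5)
            split(dn, parts, ",")
            if (tolower(parts[1]) ~ /\+nsuniqueid=/) print dn
        }
    '
}

# Dry run: print one ldapdelete command per conflict DN, nothing is executed.
print_delete_cmds() {
    conflict_dns | while IFS= read -r dn; do
        printf 'ldapdelete -Y GSSAPI "%s"\n' "$dn"
    done
}

sample_ldif | print_delete_cmds
```

On a real server, replace sample_ldif with the ldapsearch command from the quoted message and check each printed DN before running the delete.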
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
