Re: [Freeipa-users] getting rid of nsds5ReplConflict
On 05/19/2015 10:10 AM, Megan . wrote: I'm struggling with a replication conflict. I had three masters, dir1, dir2, dir3. There were some weird issues with dir2 where I was getting error 49 (Invalid credentials) without any real information. Where did you see this? command line output? Of what command? In a log file? Which log file? Can you post the exact error message along with the context? When i did ipa-replica-manage list-ruv i saw dir2 twice. Can you post the output? I couldn't get it straight What does get it straight mean? Does it mean you ran some commands? If so, what commands did you run and what was the result? so i decided to try to re-create the replica. I disconnected the replica, ran the del for the replica. When i check for replication conflicts i still see it in there and I can't seem to get it to go away. Deleting and recreating the replica will not remove the replication conflict if the conflict has been replicated to other servers. This document doesn't say anything about resolving replica conflict entries by deleting and re-adding replicas: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html It only shows up on one of the remaining masters. I was trying to follow the documentation The link above? and use ldapmodify to change the dn to cn=olddir2.somewhere.example.something.com7475d90c but everything i seem to be trying doesn't work. What exactly did you do? I'm assuming this entry needs to be cleared up before i can successfully setup dir2 again as a replica. No, not necessarily. Any help would be greatly appreciated. Thanks! [root@dir1 ~]# ldapsearch -x -D cn=directory manager -W -b dc=somewhere,dc=example,dc=something,dc=com nsds5ReplConflict=* \* nsds5ReplConflict Enter LDAP Password: # extended LDIF # # LDAPv3 # base dc=somewhere,dc=example,dc=something,dc=com with scope subtree # filter: nsds5ReplConflict=* # requesting: * nsds5ReplConflict # # dir2.somewhere.example.something.com + 7475d90c-f34911e4-99a0ab24-58022cdf, masters , ipa, etc, somewhere.example.something.com dn: cn=dir2.somewhere.example.something.com+nsuniqueid=7475d90c-f34911e4-99a0ab24-5802 2cdf,cn=masters,cn=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com nsds5ReplConflict: namingConflict cn=dir2.somewhere.example.something.com,cn=masters,c n=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com objectClass: top objectClass: nsContainer cn: dir2.somewhere.example.something.com # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] getting rid of nsds5ReplConflict
Thank you for the reply. I think I just got frustrated. I uninstalled ipa on the dir2 replica then set it back up again as a replica. Everything seems to be replicating just fine without errors now. I know that this isn't the preferred or documented solution but i needed the server back online asap. When i run ipa-replica-manage list-ruv i see dir2 listed twice. Is this a concern? [root@dir1 ipa]# ipa-replica-manage list-ruv dir1.example.com:389: 4 dir3.example.com:389: 5 dir2.example.com:389: 6 dir2.example.com:389: 8 On Tue, May 19, 2015 at 12:37 PM, Rich Megginson rmegg...@redhat.com wrote: On 05/19/2015 10:10 AM, Megan . wrote: I'm struggling with a replication conflict. I had three masters, dir1, dir2, dir3. There were some weird issues with dir2 where I was getting error 49 (Invalid credentials) without any real information. Where did you see this? command line output? Of what command? In a log file? Which log file? Can you post the exact error message along with the context? When i did ipa-replica-manage list-ruv i saw dir2 twice. Can you post the output? I couldn't get it straight What does get it straight mean? Does it mean you ran some commands? If so, what commands did you run and what was the result? so i decided to try to re-create the replica. I disconnected the replica, ran the del for the replica. When i check for replication conflicts i still see it in there and I can't seem to get it to go away. Deleting and recreating the replica will not remove the replication conflict if the conflict has been replicated to other servers. This document doesn't say anything about resolving replica conflict entries by deleting and re-adding replicas: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html It only shows up on one of the remaining masters. I was trying to follow the documentation The link above? and use ldapmodify to change the dn to cn=olddir2.somewhere.example.something.com7475d90c but everything i seem to be trying doesn't work. What exactly did you do? I'm assuming this entry needs to be cleared up before i can successfully setup dir2 again as a replica. No, not necessarily. Any help would be greatly appreciated. Thanks! [root@dir1 ~]# ldapsearch -x -D cn=directory manager -W -b dc=somewhere,dc=example,dc=something,dc=com nsds5ReplConflict=* \* nsds5ReplConflict Enter LDAP Password: # extended LDIF # # LDAPv3 # base dc=somewhere,dc=example,dc=something,dc=com with scope subtree # filter: nsds5ReplConflict=* # requesting: * nsds5ReplConflict # # dir2.somewhere.example.something.com + 7475d90c-f34911e4-99a0ab24-58022cdf, masters , ipa, etc, somewhere.example.something.com dn: cn=dir2.somewhere.example.something.com+nsuniqueid=7475d90c-f34911e4-99a0ab24-5802 2cdf,cn=masters,cn=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com nsds5ReplConflict: namingConflict cn=dir2.somewhere.example.something.com,cn=masters,c n=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com objectClass: top objectClass: nsContainer cn: dir2.somewhere.example.something.com # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] getting rid of nsds5ReplConflict
On 05/19/2015 12:27 PM, Megan . wrote: Thank you for the reply. I think I just got frustrated. I uninstalled ipa on the dir2 replica then set it back up again as a replica. Everything seems to be replicating just fine without errors now. I know that this isn't the preferred or documented solution but i needed the server back online asap. When i run ipa-replica-manage list-ruv i see dir2 listed twice. Is this a concern? No. When you get a chance, you can remove the one that is no longer used with the documented clean ruv procedure. I believe there is an ipa command for that. [root@dir1 ipa]# ipa-replica-manage list-ruv dir1.example.com:389: 4 dir3.example.com:389: 5 dir2.example.com:389: 6 dir2.example.com:389: 8 On Tue, May 19, 2015 at 12:37 PM, Rich Megginson rmegg...@redhat.com wrote: On 05/19/2015 10:10 AM, Megan . wrote: I'm struggling with a replication conflict. I had three masters, dir1, dir2, dir3. There were some weird issues with dir2 where I was getting error 49 (Invalid credentials) without any real information. Where did you see this? command line output? Of what command? In a log file? Which log file? Can you post the exact error message along with the context? When i did ipa-replica-manage list-ruv i saw dir2 twice. Can you post the output? I couldn't get it straight What does get it straight mean? Does it mean you ran some commands? If so, what commands did you run and what was the result? so i decided to try to re-create the replica. I disconnected the replica, ran the del for the replica. When i check for replication conflicts i still see it in there and I can't seem to get it to go away. Deleting and recreating the replica will not remove the replication conflict if the conflict has been replicated to other servers. This document doesn't say anything about resolving replica conflict entries by deleting and re-adding replicas: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html It only shows up on one of the remaining masters. I was trying to follow the documentation The link above? and use ldapmodify to change the dn to cn=olddir2.somewhere.example.something.com7475d90c but everything i seem to be trying doesn't work. What exactly did you do? I'm assuming this entry needs to be cleared up before i can successfully setup dir2 again as a replica. No, not necessarily. Any help would be greatly appreciated. Thanks! [root@dir1 ~]# ldapsearch -x -D cn=directory manager -W -b dc=somewhere,dc=example,dc=something,dc=com nsds5ReplConflict=* \* nsds5ReplConflict Enter LDAP Password: # extended LDIF # # LDAPv3 # base dc=somewhere,dc=example,dc=something,dc=com with scope subtree # filter: nsds5ReplConflict=* # requesting: * nsds5ReplConflict # # dir2.somewhere.example.something.com + 7475d90c-f34911e4-99a0ab24-58022cdf, masters , ipa, etc, somewhere.example.something.com dn: cn=dir2.somewhere.example.something.com+nsuniqueid=7475d90c-f34911e4-99a0ab24-5802 2cdf,cn=masters,cn=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com nsds5ReplConflict: namingConflict cn=dir2.somewhere.example.something.com,cn=masters,c n=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com objectClass: top objectClass: nsContainer cn: dir2.somewhere.example.something.com # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] getting rid of nsds5ReplConflict
Megan . wrote: Thank you for the reply. I think I just got frustrated. I uninstalled ipa on the dir2 replica then set it back up again as a replica. Everything seems to be replicating just fine without errors now. I know that this isn't the preferred or documented solution but i needed the server back online asap. When i run ipa-replica-manage list-ruv i see dir2 listed twice. Is this a concern? [root@dir1 ipa]# ipa-replica-manage list-ruv dir1.example.com:389: 4 dir3.example.com:389: 5 dir2.example.com:389: 6 dir2.example.com:389: 8 You should clean it up using the clean-ruv option of ipa-replica-manage. You should bind as Directory Manager and look in cn=mapping tree,cn=config for nsDS5ReplicaId you'll be able to see the active IDs. I'd guess that 6 is the one to be removed but a search will tell you for sure. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] getting rid of nsds5ReplConflict
I'm struggling with a replication conflict. I had three masters, dir1, dir2, dir3. There were some weird issues with dir2 where I was getting error 49 (Invalid credentials) without any real information. When i did ipa-replica-manage list-ruv i saw dir2 twice. I couldn't get it straight so i decided to try to re-create the replica. I disconnected the replica, ran the del for the replica. When i check for replication conflicts i still see it in there and I can't seem to get it to go away. It only shows up on one of the remaining masters. I was trying to follow the documentation and use ldapmodify to change the dn to cn=olddir2.somewhere.example.something.com7475d90c but everything i seem to be trying doesn't work. I'm assuming this entry needs to be cleared up before i can successfully setup dir2 again as a replica. Any help would be greatly appreciated. Thanks! [root@dir1 ~]# ldapsearch -x -D cn=directory manager -W -b dc=somewhere,dc=example,dc=something,dc=com nsds5ReplConflict=* \* nsds5ReplConflict Enter LDAP Password: # extended LDIF # # LDAPv3 # base dc=somewhere,dc=example,dc=something,dc=com with scope subtree # filter: nsds5ReplConflict=* # requesting: * nsds5ReplConflict # # dir2.somewhere.example.something.com + 7475d90c-f34911e4-99a0ab24-58022cdf, masters , ipa, etc, somewhere.example.something.com dn: cn=dir2.somewhere.example.something.com+nsuniqueid=7475d90c-f34911e4-99a0ab24-5802 2cdf,cn=masters,cn=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com nsds5ReplConflict: namingConflict cn=dir2.somewhere.example.something.com,cn=masters,c n=ipa,cn=etc,dc=somewhere,dc=example,dc=something,dc=com objectClass: top objectClass: nsContainer cn: dir2.somewhere.example.something.com # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project