Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

users@redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 26.01.2016 21:51, Martin Basti wrote: > > > On 26.01.2016 21:03, Nathan Peters wrote: >> After some more investigation, it appears that there may be m

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

branch, but they are wrong as they only apply to cert manager, and not all users I'm not sure if this covers your issues, but it may be related https://fedorahosted.org/freeipa/ticket/5412 Martin and this https://fedorahosted.org/freeipa/ticket/5575 -Original Message- From:

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

ion:Add Replication Agreements";al low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn= pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd s5replicationagreement)(objectclass=nsDSWindowsReplicationAgre

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

ctually 3 issues : === 1. Missing aci on base cn=config entry 2. Missing aci on dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config branch 3. acis are on the o=ipaca branch, but they are wrong as they only apply to cert manager, and not all users -Original Message- From: M

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

l "permission:Modify Replication Agreeme nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob jectclass

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

(objectCl ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";) aci: (targetattr=*)(targetfilter="(|(objectcla

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

dnaNextValue || dnaThre shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range"; allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss ions,cn=pbac,dc=myproddomain,dc=net";) # userRoot, ldbm database, plugins, config dn: cn=userRoot,cn=ld

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

uot;permission:Read DNA Range"; allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss ions,cn=pbac,dc=myproddomain,dc=net";) # userRoot, ldbm database, plugins, config dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config aci: (targetattr=nsslapd-readonly)(

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

(read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss ions,cn=pbac,dc=dev-mydomain,dc=net";) # userRoot, ldbm database, plugins, config dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the dat

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

updn = "ldap:///cn=Read DNA Range,cn=permiss ions,cn=pbac,dc=dev-mydomain,dc=net";) # userRoot, ldbm database, plugins, config dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas e readonly"; al

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

ies: 12 -Original Message- From: Rich Megginson [mailto:rmegg...@redhat.com] Sent: January-21-16 7:29 AM To: Nathan Peters; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists On 01/21/2016 12:50 A

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

rch result search: 2 result: 0 Success # numResponses: 13 # numEntries: 12 -Original Message- From: Rich Megginson [mailto:rmegg...@redhat.com] Sent: January-21-16 7:29 AM To: Nathan Peters; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

conn=76094 op=5 UNBIND [21/Jan/2016:19:54:40 -0800] conn=76094 op=5 fd=143 closed - U1 -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Ludwig Krispenz Sent: January-21-16 7:45 AM To: freeipa-users@redhat.com Subject: Re: [Fre

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

om: freeipa-users-boun...@redhat.com > [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Nathan Peters > Sent: January-20-16 11:41 PM > To: Rich Megginson; freeipa-users@redhat.com > Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails > with DuplicateEntry: Th

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

Megginson; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists All checks below were performed from the host we are trying to turn into a replica and they were performed against the master who logs I also show

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

users@redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists All checks below were performed from the host we are trying to turn into a replica and they were performed against the master who logs I also show The first check was to

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

ectClass: nsIndex # search result search: 4 result: 0 Success # numResponses: 51 # numEntries: 50 -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson Sent: January-20-16 11:44 AM To: freeipa-users@redhat.com Subj

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

default indexes, config, ldbm database, plugins, config dn: cn=uniquemember,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,c n=config cn: uniquemember objectClass: top objectClass: nsIndex # search result search: 4 result: 0 Success # numResponses: 51 # numEntries: 50 -Original Message-

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 -----Original Message----- From: Petr Vobornik [mailto:pvobo...@redhat.com] Sent: January-20-16 2:02 AM To: Rob Crittenden; Nathan Peters; Ludwig Krispenz Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Freei

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

aLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 1970010100Z nsds5replicaLastInitEnd: 1970010100Z # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 -Original Message

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

On 01/20/2016 12:31 AM, Rob Crittenden wrote: Nathan Peters wrote: [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 [18/Jan/2

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

Nathan Peters wrote: > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD > dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" > [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 > nentries=0 etime=0 > [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBI

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

tEnd: 1970010100Z # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: January-19-16 12:33 PM To: Nathan Peters; Ludwig Krispenz Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Fre

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

"(objectClass=*)" attrs=ALL > [18/Jan/2016:09:28:32 -0800] conn=2 op=2 RESULT err=32 tag=101 nentries=0 > etime=0 > [18/Jan/2016:09:28:32 -0800] conn=2 op=3 SRCH base="cn=schema" scope=0 > filter="(objectClass=*)" attrs="attributeTypes objectClasses

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

-0800] conn=2 op=9 MOD dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:32 -0800] conn=2 op=9 RESULT err=0 tag=103 nentries=0 etime=0 [18/Jan/2016:09:28:32 -0800] conn=2 op=10 ADD dn="cn=Peer Master,cn=mapping,cn=sasl,cn=config" [18/Jan/2016:

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

On 01/18/2016 11:04 AM, Ludwig Krispenz wrote: On 01/18/2016 04:47 AM, Nathan Peters wrote: This is another issue I'm not sure how to debug or solve in 4.3.0. A failed replica installation left a replica with stuff in the tree, but not configured properly on the localhost. I did ipa-server-i

Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

On 01/18/2016 04:47 AM, Nathan Peters wrote: This is another issue I'm not sure how to debug or solve in 4.3.0. A failed replica installation left a replica with stuff in the tree, but not configured properly on the localhost. I did ipa-server-install --uninstall as suggested by the instal

[Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists

This is another issue I'm not sure how to debug or solve in 4.3.0. A failed replica installation left a replica with stuff in the tree, but not configured properly on the localhost. I did ipa-server-install -uninstall as suggested by the installation program and it deleted the local copy of th