Hi, We had to replace a failed replica "ipa003.mgmt.prod.local". Unfortunately, deleting the old copy prior to creating the replacement doesn't seem to have worked and we're getting lots of errors like :-
attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa003.mgmt.prod.local:389 ... failed. In the dirsrv logs. One problem is that there are now two RUVs for ipa003.mgmt.prod.local. How do I identify which is the live one so I can delete the redundant one ? I'd also like to delete all the old "unable to decode" replicas. I found a posting with an ldapsearch (see below), but this seems to give numbers that don't match the replica IDs. Do I need to translate the search results in some fashion or use a different search ? Many Thanks Bob Hinton -sh-4.2$ cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.2 (Maipo) -sh-4.2$ ipa --version VERSION: 4.2.0, API_VERSION: 2.156 sh-4.2$ sudo ipa-replica-manage list-ruv Directory Manager password: unable to decode: {replica 15} 568d15720002000f0000 568d15720002000f0000 unable to decode: {replica 13} 568ed0a90001000d0000 56ebea6b0001000d0000 unable to decode: {replica 14} 568d16ea0000000e0000 56ab57950005000e0000 ipa002.mgmt.prod.local:389: 17 ipa001.mgmt.paas.local:389: 22 ipa003.mgmt.paas.local:389: 26 ipa002.mgmt.paas.local:389: 24 ipa002.mgmt.paas.local:389: 25 ipa003.mgmt.prod.local:389: 23 ipa003.mgmt.prod.local:389: 18 ipa001.mgmt.prod.local:389: 19 sh-4.2$ !996 sudo ipa-replica-manage clean-ruv 13 Directory Manager password: unable to decode: {replica 15} 568d15720002000f0000 568d15720002000f0000 unable to decode: {replica 13} 568ed0a90001000d0000 56ebea6b0001000d0000 unable to decode: {replica 14} 568d16ea0000000e0000 56ab57950005000e0000 Replica ID 13 not found sh-4.2$ !1000 ldapsearch -D "cn=Directory Manager" -W -h ipa003.mgmt.prod.local -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" | grep "nsds50ruv\|nsDS5ReplicaId" Enter LDAP Password: nsDS5ReplicaId: 1485 nsds50ruv: {replicageneration} 54be6564000000600000 nsds50ruv: {replica 1485 ldap://ipa003.mgmt.prod.local:389} 5787b6e nsds50ruv: {replica 1395 ldap://ipa001.mgmt.prod.local:389} 567ab7a nsds50ruv: {replica 1490 ldap://ipa001.mgmt.paas.local:389} 5787aef nsds50ruv: {replica 1495 ldap://ipa001.mgmt.paas.local:389} 578660e nsds50ruv: {replica 1280 ldap://ipa002.mgmt.prod.local:389} 567949c nsds50ruv: {replica 71 ldap://ipa4-03.local:389} 5617ba4d0000004700 nsds50ruv: {replica 1285 ldap://ipa001.mgmt.prod.local:389} 567804c nsds50ruv: {replica 1290 ldap://ipa4-02.local:389} 561bb7bc0000050a nsds50ruv: {replica 1295 ldap://ipa4-01.local:389} 561ba6430000050f nsds50ruv: {replica 96 ldap://ipa0001-01.local:7389} 54be656e000000 nsds50ruv: {replica 76 ldap://ipa4-rep.local:389} 56142cde0000004c0 nsds50ruv: {replica 81 ldap://ipa0001-03.local:7389} 54c25ac6000000 nsds50ruv: {replica 86 ldap://ipa0001-02.local:7389} 54c12c1d000000 nsds50ruv: {replica 91 ldap://ipa0001-03.local:7389} 54bf475b000000 nsds50ruv: {replica 97 ldap://ipa0001-02.local:7389} 54be656b000000 nsds50ruv: {replica 1096 ldap://ipa3-rhel6.local:7389} 560d7d770000 nsds50ruv: {replica 1196 ldap://ip4-rhel7.local:389} 56137c31000004 nsds50ruv: {replica 1191 ldap://ipa4-rhel7.local:389} 5613a7ac00000 nsds50ruv: {replica 1275 ldap://ipa003.mgmt.prod.local:389} 56797be nsds50ruv: {replica 1390 ldap://ipa002.mgmt.paas.local:389} 5787bb9 nsds50ruv: {replica 1595 ldap://ipa002.mgmt.paas.local:389} 5787db0 nsds50ruv: {replica 1590 ldap://ipa003.mgmt.paas.local:389} 5787e0f
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project