Hi,
On 06/19/2015 12:32 PM, Christoph Kaminski wrote:
> in the second search I don't see nsds50ruv attributes for dead
> entries, so the database ruv seems to be ok.
these are dead:
nscpentrywsi: nsDS5ReplicaBindDN:
krbprincipalname=ldap/ipa-2.mgmt.biotronik-h
omemonitoring.int@HSO,cn=services,cn=accounts,dc=hso
nscpentrywsi: nsDS5ReplicaBindDN:
krbprincipalname=ldap/ipa-2.mgmt.testsystem-
homemonitoring.int@HSO,cn=services,cn=accounts,dc=hso
nscpentrywsi: nsDS5ReplicaBindDN:
krbprincipalname=ldap/ipa-2.mgmt.datacenter-
homemonitoring.int@HSO,cn=services,cn=accounts,dc=hso
but these are bind dns, ipa adds them when creating a new replica to be
able to establish a gssapi replication, I don't know if and when they
are removed, they are definitely not in the task of cleanallruv
> the first search is for the replication agreements and they keep
> info about the consumer ruv, used in replication session. you cannot
> modify these, but they are maintained in the dse.ldif, you could
> edit the dse.ldif when the server is stopped.
big thx, we try it and I let you know if it works!
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
