We have some issues with installing new replicas, apparently triggered by incomplete replication between the existing servers.
I'm trying to cleanup the orphaned replica agreements: dn: cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=dc\3Dnw ra\2Cdc\3Dcom,cn=mapping tree,cn=config nsDS5ReplicaLastUpdateStatus: Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP server (connection error) dn: cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=o\3Dipa ca,cn=mapping tree,cn=config nsDS5ReplicaLastUpdateStatus: Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP server (connection error) But that appears to be hanging: # ldapmodify -h ipa-seattle01.nwra.com -D "cn=directory manager" -W <<EOF > dn: cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config > changetype: delete > > dn: cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=dc\3Dnwra\2Cdc\3Dcom,cn=mapping tree,cn=config > changetype: delete > EOF Enter LDAP Password: deleting entry "cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config" Any idea what would cause this? access on ipa-seattle01: [30/Oct/2024:14:59:53.669549056 -0700] conn=351148 fd=248 slot=248 connection from 10.10.41.3 to 10.30.10.11 [30/Oct/2024:14:59:53.670365938 -0700] conn=351148 op=0 BIND dn="cn=directory manager" method=128 version=3 [30/Oct/2024:14:59:53.670564728 -0700] conn=351148 op=0 RESULT err=0 tag=97 nentries=0 wtime=0.000495680 optime=0.000235976 etime=0.000728682 dn="cn=directory manager" [30/Oct/2024:14:59:53.701779783 -0700] conn=351148 op=1 DEL dn="cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config" errors: [30/Oct/2024:14:58:48.666432741 -0700] - WARN - NSMMReplicationPlugin - prot_stop - Incremental protocol for replica "agmt="cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com" (ipa-bld01:389)" did not shut down properly. [30/Oct/2024:15:01:53.781236011 -0700] - WARN - NSMMReplicationPlugin - prot_stop - Incremental protocol for replica "agmt="cn=ipa-seattle01.nwra.com-to-ipa-bld01.cora.nwra.com" (ipa-bld01:389)" did not shut down properly. -- Orion Poplawski he/him/his - surely the least important thing about me Manager of IT Systems 720-772-5637 NWRA, Boulder Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 https://www.nwra.com/
smime.p7s
Description: S/MIME Cryptographic Signature
-- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
