On 2/14/25 6:44 PM, Chris Jacobs via FreeIPA-users wrote:
Anyone? I'd really like it if this thread didn't die out the same way all the previous ones have where the usual tooling fails to do the job and then the thread goes crickets. There's something, somewhere causing these to exist even when deleted manually - restart the servers and the nsds50ruv and nsruvReplicaLastModified entries return.
As previously asked, what rpm version of 389-ds-base are you running? There have been enhancements and fixes to the cleaning task over the years.
After running the cleanallruv task can you please run this ldapsearch on the Directory Server:
$ ldapsearch -xLLL -H ldap://localhost:389 -D "cn=directory manager" -W -b "YOUR SUFFIX HERE" '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))' nsds50ruv
If you still see that RUV element from the search above you can try using the force cleaning option. If you are on a newer of DS you can try running the cleaning task using the force option via DS CLI, or modify your ldapmodify LDIF to set force cleaning to "yes"
# dsconf slapd-YOUR_DS_INSTANCE_NAME repl-tasks cleanallruv --replica-id 27 --suffix YOUR_SUFFIX --force-cleaning
Now part of the cleaning process happens in a separate thread where it cleans the replication changelog of any updates from that old replica. If your changelog is large it could take some time to finish. If you restart the server before it ends it "could" pollute the RUV with that old replica id. Usually the changelog purging runs pretty quickly (less than a minute). Regardless a DS restart is /not/ required for any of this to work.
It's also important to make sure you don't have any lingering replication agreements to that old/deleted replica, and that old replica should have been completely removed from the deployment. The RUV could also get re-polluted if you have an old IPA server in the mix that does not support cleanallruv (like an old RHEL 6 server).
HTH, Mark
Thanks, - chris
-- Identity Management Development Team
-- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
