Torsten Harenberg wrote:
Hi,
we have three ipa servers
- ipa
- ipa2
- ipacentos7
We wanted to re-install ipa2 from scratch as this server gave us strange
issues in the past (for example, you have to do a "ipactl stop && ipactl
start" after boot to have everything running - a step which is not
needed on the other two).
However, the ipa-replica-manage del ipa2.pleiades.uni-wuppertal.de gave
an error at the end (it scrolled out of the terminal, but ended with
"unexpected error: Not allowed on non-leaf entry").
It seems to be impossible to get rid of this replica now:
[root@ipa ~]# ipa-replica-manage -v -f -c del
ipa2.pleiades.uni-wuppertal.de
Directory Manager password:
Cleaning a master is irreversible.
This should not normally be require, so use cautiously.
Continue to clean master? [no]: yes
unexpected error: Not allowed on non-leaf entry
[root@ipa ~]# ipa-replica-manage list
Directory Manager password:
ipacentos7.pleiades.uni-wuppertal.de: master
ipa.pleiades.uni-wuppertal.de: master
ipa2.pleiades.uni-wuppertal.de: master
[root@ipa ~]#
[root@ipa ~]# ipa-csreplica-manage -v del ipa2.pleiades.uni-wuppertal.de
Directory Manager password:
Deleted replication agreement from 'ipa.pleiades.uni-wuppertal.de' to
'ipa2.pleiades.uni-wuppertal.de'
[root@ipa ~]# ipa-replica-manage list
Directory Manager password:
ipacentos7.pleiades.uni-wuppertal.de: master
ipa.pleiades.uni-wuppertal.de: master
ipa2.pleiades.uni-wuppertal.de: master
[root@ipa ~]#
Any ideas how to proceed from here?
Seems like an error that LDAP is throwing. There might be details in
/var/log/dirsrv/slapd-REALM/{access|errors}
It sounds like when IPA tried to delete some entry it failed because
that entry has children. The logs should help pinpoint which entry it is
failing on.
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
