On Mon, Sep 26, 2016 at 1:54 PM, Natxo Asenjo <[email protected]> wrote:
> > > > On Mon, Sep 26, 2016 at 1:50 PM, Ludwig Krispenz <[email protected]> > wrote: > >> >> On 09/26/2016 01:36 PM, Natxo Asenjo wrote: >> >> And in my example, the replica id would be 66, 96, 71 and 97, correct? >> >> no, I don't think so. you searched 2 times the same host "-h >> kdc04.unix.iriszorg.nl". >> you need to search on kdc03 to find the current replicaid of kdc03 and >> you have to keep it. >> > > > yes, you are right :( > > $ ldapsearch -Z -h kdc03.unix.iriszorg.nl -D "cn=Directory Manager" -W > -b "o=ipaca" > "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" > | grep "nsds50ruv\|nsDS5ReplicaId" > Enter LDAP Password: > nsDS5ReplicaId: 66 > nsds50ruv: {replicageneration} 50c1015c000000600000 > nsds50ruv: {replica 66 ldap://kdc03.unix.iriszorg.nl:389} > 57e23f66000000420000 > nsds50ruv: {replica 1095 ldap://kdc04.unix.iriszorg.nl:389} > 57e4d75a0000044700 > nsds50ruv: {replica 96 ldap://kdc01.unix.iriszorg.nl:7389} > 50c1016c00000060000 > nsds50ruv: {replica 71 ldap://kdc03.unix.iriszorg.nl:389} > 57e140c7000000470000 > nsds50ruv: {replica 97 ldap://kdc02.unix.iriszorg.nl:7389} > 50c1016800000061000 > > > so I need to keep 66 and 1095, and run the task on 96, 71 and 97, it would > seem. > > Thanks for spotting my error. > ok, so I have now run the commands against both ldap hosts (the kdc03 and the kdc04), and now I have this: # ldapsearch -Z -h kdc04.unix.iriszorg.nl -D "cn=Directory Manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" | grep "nsds50ruv\|nsDS5ReplicaId" Enter LDAP Password: nsDS5ReplicaId: 1095 nsds50ruv: {replicageneration} 50c1015c000000600000 nsds50ruv: {replica 1095 ldap://kdc04.unix.iriszorg.nl:389} 57e4d75a0000044700 nsds50ruv: {replica 66 ldap://kdc03.unix.iriszorg.nl:389} 57e23f66000000420000 # ldapsearch -Z -h kdc03.unix.iriszorg.nl -D "cn=Directory Manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" | grep "nsds50ruv\|nsDS5ReplicaId" Enter LDAP Password: nsDS5ReplicaId: 66 nsds50ruv: {replicageneration} 50c1015c000000600000 nsds50ruv: {replica 66 ldap://kdc03.unix.iriszorg.nl:389} 57e23f66000000420000 nsds50ruv: {replica 1095 ldap://kdc04.unix.iriszorg.nl:389} 57e4d75a0000044700 nsds50ruv: {replica 96 ldap://kdc01.unix.iriszorg.nl:7389} 50c1016c00000060000 nsds50ruv: {replica 71 ldap://kdc03.unix.iriszorg.nl:389} 57e140c7000000470000 nsds50ruv: {replica 97 ldap://kdc02.unix.iriszorg.nl:7389} 50c1016800000061000 so the command has not been successful in the kdc03. in the dirsrv errors log I see: [26/Sep/2016:14:50:54 +0200] NSMMReplicationPlugin - CleanAllRUV Task (rid 71): Not all replicas online, retrying in 640 seconds... [26/Sep/2016:14:51:00 +0200] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected) but those replicas are gone (decommissioned). So how can I remove them? -- regards, Natxo -- -- Groeten, natxo
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
