On 08/10/2011 11:00 PM, Amos Shapira wrote:
Some more research after I sent my question (narrower search terms)
found the following bug and fix:
https://bugzilla.redhat.com/show_bug.cgi?id=624442
The package I use is centos-ds-base-8.1.0-0.14.el5.centos.2
Does this mean that this is a bug in the package I have and I should
just use different replication id's?
Or can I still somehow clear the tombstones?
You might be able to use db2ldif -r to dump the database along with the
replication meta data, then edit the LDIF file to remove the bogus data,
then ldif2db to reload your database from the LDIF file.
Thanks,
--Amos
On 11 August 2011 14:55, <389-users-ow...@lists.fedoraproject.org
<mailto:389-users-ow...@lists.fedoraproject.org>> wrote:
You are not allowed to post to this mailing list, and your message has
been automatically rejected. If you think that your messages are
being rejected in error, contact the mailing list owner at
389-users-ow...@lists.fedoraproject.org
<mailto:389-users-ow...@lists.fedoraproject.org>.
---------- Forwarded message ----------
From: Amos Shapira <amos.shap...@gmail.com
<mailto:amos.shap...@gmail.com>>
To: "General discussion list for the 389 Directory server
project." <389-us...@lists.fedoraproject.org
<mailto:389-us...@lists.fedoraproject.org>>
Date: Thu, 11 Aug 2011 14:55:08 +1000
Subject: duplicate replica id detected - can I remove replicas?
Hello,
I've deleted old replication agreements and setup new ones as part
of server reshuffling (previous consumers turned into multi-masters).
I'm following the instructions in
http://directory.fedoraproject.org/wiki/Howto:WalkthroughMultimasterSSL
which look like a shorter summary of the official documentation.
When I finally click on the "Inisitalize consumer" I get a pop-up
about duplicate replicas existing.
The replica numbers on the servers are "4" (on the supplier I
intend to initialise from) and "3" (on the intended consumer).
I followed instructions given in this forum earlier to list
replicas on both servers and these are the results:
# ./ldapsearch -x -b
'nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=company' -D
'cn=Directory Manager' -w ******* -h cunsumers-ip-addr -s base
objectclass=nstombstone
version: 1
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=company
objectClass: top
objectClass: nsTombstone
objectClass: extensibleobject
nsds50ruv: {replicageneration} 4a679e1c000000010000
nsds50ruv: {replica 3 ldap://directory2:389
}
nsds50ruv: {replica 1 ldap://directory5:389} 4a679ebf000000010000
4e30ce4e000200010000
nsds50ruv: {replica 65535 ldap://directory2:389}
4e323b300000ffff0000 4e4026ef0000ffff0000
dc: company
nsruvReplicaLastModified: {replica 3 ldap://directory2:389} 00000000
nsruvReplicaLastModified: {replica 1 ldap://directory5:389} 000000
00
nsruvReplicaLastModified: {replica 65535 ldap://directory2:389}
4e4026d9
# ./ldapsearch -x -b
'nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=company' -D
'cn=Directory Manager' -w ******** -s base objectclass=nstombstone
version: 1
dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=company
objectClass: top
objectClass: nsTombstone
objectClass: extensibleobject
nsds50ruv: {replicageneration} 4a679e1c000000010000
nsds50ruv: {replica 3 ldap://directory2:389}
nsds50ruv: {replica 1 ldap://directory5:389} 4a679ebf000000010000
4e30ce4e000200010000
nsds50ruv: {replica 65535 ldap://directory2:389} 4e4026ef0000ffff0000
dc: company
nsruvReplicaLastModified: {replica 3 ldap://directory2:389} 00000000
nsruvReplicaLastModified: {replica 1 ldap://directory5:389} 4e30ce
27
nsruvReplicaLastModified: {replica 65535 ldap://directory2:389}
4e4026da
directory1 is the server I'm running the query on and is the
intended initialising supplier.
directory2 is the server I'm trying to initialize.
directory1 and directory2 are the servers I intend to be the new
multi-masters. I configured them to use LDAPS on port 636 with
certificates.
directory5 is one of the two older multi-masters (the old
multi-masters haven't been configured corretly, I guess that's why
we don't see a second replica from the old multi-master pair).
Is there a way for me to remove the old replicas or must I just
pick new replica numbers for the new multi-masters?
In case this matters - I'm configuring things through a
centos-idm-console which I copied to my Ubuntu desktop in another
location and accessing the DC over VPN. I have direct access from
my desktop to ports 636 and 389 on both servers. When I setup the
replication agreement the console complains that it can't validate
the connection but I suspect this is related to it not having
access to the cert8.db file
(https://bugzilla.redhat.com/show_bug.cgi?id=200989).
Thanks,
--Amos
--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
