I was able to get it working by doing the following. I tore down the primary server and stood it up again with ipa-server installed and then I restored it from a backup taken today. On the replica server I created another user account because if my understanding of how the re-initialize command works is correct, that user account shouldn’t be on the replica anymore once it re-initializes with the master since it was created after the backup was taken.
After I got the primary restored, I ran the re-initialize command on the replica and it worked! Because I was curious, I performed the same steps I mentioned above, but this time I used an older backup and I started running into the LDAP issues again. My question is, do the backups get a little wonky the older they are?

Tyler

From: Hirata, Tyler via FreeIPA-users <[email protected]>
Date: Wednesday, December 21, 2022 at 8:18 AM
To: Rob Crittenden <[email protected]>, FreeIPA users list <[email protected]>
Cc: Hirata, Tyler <[email protected]>
Subject: [Freeipa-users] Re: LDAP error after re-initializing replica server

Hi Rob,

I took two backups from this month. The 1st one I tried was from December 5th, and the more recent one was from the 16th. The replica did exist at the time I took the backup. Are there implications deleting the replica VMs and starting from scratch? The only way I was able to get the restore to work was, I just restored the primary server and then I deleted the VM the replica was on and I rebuilt it and set up replication from scratch.

Tyler

From: Rob Crittenden <[email protected]>
Date: Wednesday, December 21, 2022 at 5:49 AM
To: FreeIPA users list <[email protected]>
Cc: Hirata, Tyler <[email protected]>
Subject: Re: [Freeipa-users] LDAP error after re-initializing replica server

Hirata, Tyler via FreeIPA-users wrote:
> I’m testing out IPA and wanted to see how restoring backups work. I
> successfully restored an older backup to my master node, but when I hop
> on my replica nodes and run the re-initialization command, I get an LDAP
> error. I was wondering if anyone has experienced this?
>
> ipa-replica-manage re-initialize --from ipa1.domain.com
>
> Update in progress, 15 seconds elapsed
>
> [ldaps:// ipa1.domain.com:636] reports: Update failed! Status: [Error
> (49) - LDAP error: Invalid credentials - no response received]
>
> I’ve cleared all my Kerberos cache by running kdestroy and I restarted
> directory services and rebooted the primary and secondary servers.

How old was this restore? Did the replica exist when the backup was taken?

rob
