Hello, I have an AlmaLinux 9 IdM domain which is working just fine. A new master I stood up was moved into a restricted access network where it unfortunately ended up being disconnected from the topology for almost two weeks.
The two "outside" AL9 IdM masters that it had a replication agreement with no longer list it in their "cn=replication managers" groups. I'm assuming the same holds true on other IdM masters (i.e. they won't list it either). Can I simply create an ldif file and add the formerly disconnected host back manually?

SASL/GSSAPI auth is being reported as resumed. A re-initialization from one of the masters was reported on the problem host as having successfully completed. But, I still see "perm denied" errors for "acquire replica" on both sides.

This is the ldif Grok thinks I should use on the working masters to add the problem host back to their "cn=replication managers" groups:

dn: cn=replication managers,cn=sysaccounts,cn=etc,dc=idm,dc=domain,dc=com
changetype: modify
add: member
member: krbprincipalname=ldap/[email protected],cn=services,c
 n=accounts,dc=idm,dc=domain,dc=com
add: member

BTW, I did try to delete the replication agreement. I saw the deletion reported on the problem host and the working host. However, re-creating the replication agreement didn't fix the issue.

If it's safer to run an uninstall and install again on the problem host, I can do that.

Thanks in advance for any assistance.

--
Ranbir
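Added example (not part of the original post and not FreeIPA project code): a read-only audit of the "cn=replication managers" group described above, run over saved `ldapsearch` output for that entry. It handles LDIF folded lines and base64 (`member::`) values and renders a change record for review; the hosts, realm and suffix in the sample are constructed placeholders, and the function names are hypothetical.

```python
import base64

GROUP = "cn=replication managers,cn=sysaccounts,cn=etc"  # container from the post

def principal_dn(host, realm, suffix):
    """DN of a master's ldap/ service principal, in the layout the post uses."""
    return f"krbprincipalname=ldap/{host}@{realm},cn=services,cn=accounts,{suffix}"

def unfold(ldif):
    """Join LDIF continuation lines: a line starting with one space (RFC 2849)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def members(ldif):
    """Lower-cased member DNs; 'member::' values are base64 per RFC 2849."""
    found = set()
    for line in unfold(ldif):
        name, _, value = line.partition(":")
        if name.lower() == "member":
            if value.startswith(":"):
                value = base64.b64decode(value[1:].strip()).decode()
            found.add(value.strip().lower())
    return found

def missing_masters(ldif, hosts, realm, suffix):
    """Hosts whose ldap/ principal is absent from the group (case-insensitive)."""
    present = members(ldif)
    return [h for h in hosts if principal_dn(h, realm, suffix).lower() not in present]

def change_record(hosts, realm, suffix):
    """One well-formed LDIF modify record adding the given masters, for review."""
    out = [f"dn: {GROUP},{suffix}", "changetype: modify", "add: member"]
    out += [f"member: {principal_dn(h, realm, suffix)}" for h in hosts]
    return "\n".join(out + ["-"]) + "\n"

# Constructed sample (placeholder hosts, realm, suffix), not data from the post.
SUFFIX, REALM = "dc=idm,dc=example,dc=test", "IDM.EXAMPLE.TEST"
_m1 = "member: " + principal_dn("m1.idm.example.test", REALM, SUFFIX)
_m2 = principal_dn("m2.idm.example.test", REALM, SUFFIX).encode()
SAMPLE = "\n".join([f"dn: {GROUP},{SUFFIX}", _m1[:60], " " + _m1[60:],  # folded
                    "member:: " + base64.b64encode(_m2).decode()]) + "\n"
HOSTS = ["m1.idm.example.test", "m2.idm.example.test", "m3.idm.example.test"]
if __name__ == "__main__":
    print(change_record(missing_masters(SAMPLE, HOSTS, REALM, SUFFIX), REALM, SUFFIX), end="")
```

The comparison lower-cases DNs but does not normalize spacing after commas, so feed it DNs exactly as the directory server returns them.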
