[18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD
dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config"
[18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0
etime=0
[18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND
Do you mean that log entry ^? I am seeing that entry on dc2-ipa-dev-nvan, the
host that dc1-ipa-dev-van is contacting as its master when we attempt the
ipa-replica-install. Look through my earlier posts in this thread for a full
log.
Yes, of course that DN exists on all my masters. With a 3 way replication it
would have to exist because the current master is replicating to 2 other
masters. Here is the ldapsearch for all 3 existing hosts showing that DN
(dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config")
which is apparently failing to be added because it already exists on all my
hosts.
Entry on dc1-ipa-dev-van
========================
[nathan.peters@dc1-ipa-dev-van ~]$ ldapsearch -D "cn=directory manager" -W -b
"cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config>
with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# replica, dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config
dn: cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: replica
nsDS5Flags: 1
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.dev-mydomain.net
@DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net
nsDS5ReplicaBindDN: krbprincipalname=ldap/dc2-ipa-dev-nvan.dev-mydomain.net
@DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net
nsDS5ReplicaId: 17
nsDS5ReplicaName: 11f21d13-bccf11e5-a49095ab-7f963284
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaType: 3
nsState:: EQAAAAAAAADQrJ5WAAAAANkAAAAAAAAAkwAAAAAAAAAJAAAAAAAAAA==
nsds5ReplicaLegacyConsumer: off
nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=dev-
mydomain,dc=net
nsds5replicabinddngroupcheckinterval: 60
objectClass: nsds5replica
objectClass: top
objectClass: extensibleobject
nsds5ReplicaChangeCount: 71685
nsds5replicareapactive: 0
# meTodc1-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\
3Dnet, mapping tree, config
dn:
cn=meTodc1-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping
tree,cn=config
cn: meTodc1-ipa-dev-nvan.dev-mydomain.net
description: me to dc1-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicaHost: dc1-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaPort: 389
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
nsds50ruv: {replicageneration} 553fe9bb000000040000
nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd
26000000100000 569b918f001400100000
nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124
b000000110000 569b918f000f00110000
nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee
040000000f0000 569b91750005000f0000
nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b
b0000000e0000 569b91320014000e0000
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
nsds5replicaTimeout: 120
nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.
net:389} 00000000
nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n
et:389} 00000000
nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.
net:389} 00000000
nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n
et:389} 00000000
objectClass: nsds5replicationagreement
objectClass: top
objectClass: ipaReplTopoManagedAgreement
ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p
lugin
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20160119213851Z
nsds5replicaLastUpdateEnd: 19700101000000Z
nsds5replicaChangesSentSinceStartup:: MTc6NTMxLzEzMTg4MzYzMSAxNTozNTAvMCAxNDo1
MC8wIDE2OjMyMi8wIDA6Ni8xMTUg
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
ate started
nsds5replicaUpdateInProgress: TRUE
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z
# meTodc2-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\
3Dnet, mapping tree, config
dn:
cn=meTodc2-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping
tree,cn=config
cn: meTodc2-ipa-dev-nvan.dev-mydomain.net
description: me to dc2-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicaHost: dc2-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaPort: 389
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
nsds50ruv: {replicageneration} 553fe9bb000000040000
nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee
040000000f0000 569b91900002000f0000
nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd
26000000100000 569b918d004a00100000
nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b
b0000000e0000 569b91320014000e0000
nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124
b000000110000 569b918f000f00110000
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
nsds5replicaTimeout: 120
nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.
net:389} 00000000
nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.
net:389} 00000000
nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n
et:389} 00000000
nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n
et:389} 00000000
objectClass: nsds5replicationagreement
objectClass: top
objectClass: ipaReplTopoManagedAgreement
ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p
lugin
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20160119213851Z
nsds5replicaLastUpdateEnd: 19700101000000Z
nsds5replicaChangesSentSinceStartup:: MTc6NTQyLzEzMDIxNDkwNSAxNDoxNjkvMCAxNjo0
NDUvMCAxNToyOTQvMCAwOjEvMTExIA==
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
ate started
nsds5replicaUpdateInProgress: TRUE
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z
# search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
Entry on dc1-ipa-dev-nvan
=========================
[nathan.peters@dc1-ipa-dev-nvan ~]$ ldapsearch -D "cn=directory manager" -W -b
"cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config>
with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# replica, dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config
dn: cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: replica
nsDS5Flags: 1
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN: krbprincipalname=ldap/dc2-ipa-dev-nvan.dev-mydomain.net
@DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net
nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.dev-mydomain.net@
DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net
nsDS5ReplicaId: 16
nsDS5ReplicaName: 79ee3693-bcc211e5-bfa4b538-a3d71f3c
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaType: 3
nsState:: EAAAAAAAAACrrZ5WAAAAAHgAAAAAAAAA8wAAAAAAAAACAAAAAAAAAA==
nsds5ReplicaLegacyConsumer: off
nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=dev-
mydomain,dc=net
nsds5replicabinddngroupcheckinterval: 60
objectClass: nsds5replica
objectClass: top
objectClass: extensibleobject
nsds5ReplicaChangeCount: 89267
nsds5replicareapactive: 0
# meTodc1-ipa-dev-van.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\3
Dnet, mapping tree, config
dn:
cn=meTodc1-ipa-dev-van.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping
tree,cn=config
cn: meTodc1-ipa-dev-van.dev-mydomain.net
description: me to dc1-ipa-dev-van.dev-mydomain.net
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicaHost: dc1-ipa-dev-van.dev-mydomain.net
nsDS5ReplicaPort: 389
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
nsds50ruv: {replicageneration} 553fe9bb000000040000
nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124
b000000110000 569b90c7001a00110000
nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd
26000000100000 569b90c7001600100000
nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee
040000000f0000 569b8f900005000f0000
nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b
b0000000e0000 569b8f99001c000e0000
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
nsds5replicaTimeout: 120
nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n
et:389} 00000000
nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.
net:389} 00000000
nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.
net:389} 00000000
nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n
et:389} 00000000
objectClass: nsds5replicationagreement
objectClass: top
objectClass: ipaReplTopoManagedAgreement
ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p
lugin
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20160119214152Z
nsds5replicaLastUpdateEnd: 20160119214152Z
nsds5replicaChangesSentSinceStartup:: MTY6ODg3LzM1NTUxNDQgMTU6MTgyLzAgMTQ6OC8w
IDE3OjMvMCAwOjEvMCA=
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
ate succeeded
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z
# meTodc2-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\
3Dnet, mapping tree, config
dn:
cn=meTodc2-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping
tree,cn=config
cn: meTodc2-ipa-dev-nvan.dev-mydomain.net
description: me to dc2-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicaHost: dc2-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaPort: 389
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
nsds50ruv: {replicageneration} 553fe9bb000000040000
nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee
040000000f0000 569b90b10003000f0000
nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd
26000000100000 569b90c1000a00100000
nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b
b0000000e0000 569b8f99001c000e0000
nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124
b000000110000 569b8e0e000700110000
nsds5ReplicaEnabled: on
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
nsds5replicaTimeout: 120
nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.
net:389} 00000000
nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.
net:389} 00000000
nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n
et:389} 00000000
nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n
et:389} 00000000
objectClass: nsds5replicationagreement
objectClass: top
objectClass: ipaReplTopoManagedAgreement
ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p
lugin
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20160119214206Z
nsds5replicaLastUpdateEnd: 20160119214206Z
nsds5replicaChangesSentSinceStartup:: MTY6NjQyLzE4OTQ5ODAgMTQ6NzEvMCAxNzoxNC8w
IDE1OjIvMCA=
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
ate succeeded
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z
# search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
Entry on dc2-ipa-dev-nvan
=========================
[nathan.peters@dc2-ipa-dev-nvan ~]$ ldapsearch -D "cn=directory manager" -b
"cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config>
with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# replica, dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config
dn: cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config
cn: replica
nsDS5Flags: 1
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.dev-mydomain.net
@DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net
nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.dev-mydomain.net@
DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net
nsDS5ReplicaId: 15
nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaType: 3
nsState:: DwAAAAAAAADWrZ5WAAAAAAAAAAAAAAAAbAEAAAAAAAABAAAAAAAAAA==
nsds5ReplicaLegacyConsumer: off
nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=dev-
mydomain,dc=net
nsds5replicabinddngroupcheckinterval: 60
objectClass: nsds5replica
objectClass: top
objectClass: extensibleobject
nsds5ReplicaChangeCount: 66837
nsds5replicareapactive: 0
# meTodc1-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\
3Dnet, mapping tree, config
dn:
cn=meTodc1-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping
tree,cn=config
cn: meTodc1-ipa-dev-nvan.dev-mydomain.net
description: me to dc1-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicaHost: dc1-ipa-dev-nvan.dev-mydomain.net
nsDS5ReplicaPort: 389
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
nsds50ruv: {replicageneration} 553fe9bb000000040000
nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd
26000000100000 569b9201002200100000
nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124
b000000110000 569b91af000d00110000
nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee
040000000f0000 569b92010002000f0000
nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b
b0000000e0000 569b91320014000e0000
nsds5ReplicaEnabled: on
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
nsds5replicaTimeout: 120
nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.
net:389} 00000000
nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n
et:389} 00000000
nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.
net:389} 00000000
nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n
et:389} 00000000
objectClass: nsds5replicationagreement
objectClass: top
objectClass: ipaReplTopoManagedAgreement
ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p
lugin
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20160119214250Z
nsds5replicaLastUpdateEnd: 20160119214250Z
nsds5replicaChangesSentSinceStartup:: MTU6NDk2LzE2MjI3NzggMTQ6MS8wIDE3OjIyLzAg
MTY6Mi8wIA==
nsds5replicaLastUpdateStatus: 1 Can't acquire busy replica
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z
# meTodc1-ipa-dev-van.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\3
Dnet, mapping tree, config
dn:
cn=meTodc1-ipa-dev-van.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping
tree,cn=config
cn: meTodc1-ipa-dev-van.dev-mydomain.net
description: me to dc1-ipa-dev-van.dev-mydomain.net
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicaHost: dc1-ipa-dev-van.dev-mydomain.net
nsDS5ReplicaPort: 389
nsDS5ReplicaRoot: dc=dev-mydomain,dc=net
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
nsds5replicaTimeout: 120
objectClass: nsds5replicationagreement
objectClass: top
objectClass: ipaReplTopoManagedAgreement
ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p
lugin
nsds50ruv: {replicageneration} 553fe9bb000000040000
nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124
b000000110000 569b9201000500110000
nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd
26000000100000 569b918d004a00100000
nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee
040000000f0000 569b92010002000f0000
nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b
b0000000e0000 569b91320014000e0000
nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n
et:389} 00000000
nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.
net:389} 00000000
nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.
net:389} 00000000
nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n
et:389} 00000000
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 20160119214305Z
nsds5replicaLastUpdateEnd: 20160119214305Z
nsds5replicaChangesSentSinceStartup:: MTU6NjQ0LzI4NDc1OTggMTY6MTc2LzAgMTc6Mi8w
IDA6MS8wIA==
nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
ate succeeded
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z
# search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
-----Original Message-----
From: Rob Crittenden [mailto:[email protected]]
Sent: January-19-16 12:33 PM
To: Nathan Peters; Ludwig Krispenz
Cc: [email protected]
Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with
DuplicateEntry: This entry already exists
Nathan Peters wrote:
> Ok, after rm-rf /etc/dirsrv I was able to re-install again, but back to the
> old issue with DuplicatEntry.
>
> Can anyone on this list tell me how to fix this issue ? This is a production
> domain with several hundred clients and servers attached, so I can't just
> blow it away and start over.
You've had several people trying.
> I need to get this fixed.
I think Ludwig's question still stands: on what host are you seeing the
duplicate entry logged (err=68)? I presume on the master it is trying to
create the agreement against. Have you looked to see if this entry
exists on your current masters?
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
