On 06.05.2016 21:29, Devin Acosta wrote:
I am running the latest FreeIPA on CentOS 7.2.
I noticed I had a "nsds5ReplConflict" with an item. I tried to follow
the webpage to rename and delete, but that failed. I then tried to
have ipa1-i2x reload from the ipa01-aws instance, and now it seems to
have gone maybe worse?
Can you please advise how to get back to a healthy system? I
initially added a system account as recommended so I could have, say,
Jira/Confluence do user searches against IDM.
[dacosta@ipa1-i2x ~]$ ldapsearch -x -D "cn=directory manager" -w 'password' -b "dc=rsinc,dc=local" "nsds5ReplConflict=*" \* nsds5ReplConflict
# extended LDIF
#
# LDAPv3
# base <dc=rsinc,dc=local> with scope subtree
# filter: nsds5ReplConflict=*
# requesting: * nsds5ReplConflict
#
# 7ad08581-059911e6-b55c83a4-93228cdf + ldapsearch, sysaccounts, etc, rsinc.local
dn: nsuniqueid=7ad08581-059911e6-b55c83a4-93228cdf+uid=ldapsearch,cn=sysaccounts,cn=etc,dc=rsinc,dc=local
userPassword:: e1NTSEF9M3krdTh5TkdYV=
=
uid: ldapsearch
objectClass: account
objectClass: simplesecurityobject
objectClass: top
nsds5ReplConflict: namingConflict uid=ldapsearch,cn=sysaccounts,cn=etc,dc=rsinc,dc=local
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[dacosta@ipa1-i2x ~]$ ./ipa_check_consistency -H "ipa1-i2x.local ipa01-aws.rsinc.local" -d RSINC.LOCAL
Directory Manager password:
FreeIPA servers:    ipa1-i2x    ipa01-aws    STATE
===================================================
Active Users        ERROR       33           FAIL
Stage Users         ERROR       0            FAIL
Preserved Users     ERROR       0            FAIL
User Groups         ERROR       7            FAIL
Hosts               ERROR       82           FAIL
Host Groups         ERROR       1            FAIL
HBAC Rules          ERROR       2            FAIL
SUDO Rules          ERROR       4            FAIL
DNS Zones           ERROR       14           FAIL
LDAP Conflicts      ERROR       YES          FAIL
Anonymous BIND      ERROR       on           FAIL
Replication Status              ipa02-aws 0
                                ipa1-i2x 0
===================================================
[dacosta@ipa1-i2x ~]$ ipa-replica-manage list
ipa: WARNING: session memcached servers not running
ipa02-aws.rsinc.local: master
ipa01-aws.rsinc.local: master
ipa1-i2x.rsinc.local: master
Devin Acosta
Linux Certified Engineer
e: [email protected]
Hello, it is not clear to me what is wrong. Do you have conflicts there?
The output of the command is not from a tool supported by FreeIPA; I have no idea
what is wrong.
To check replication status for each IPA server, run
ipa-replica-manage -v list <hostname>
Can you kinit on all replicas?
Can you do ldapsearch as directory manager on each server?
Martin
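
Added example, not part of the original thread and not FreeIPA code: a Python script that unfolds the LDIF returned by a search such as the ldapsearch above and lists each entry carrying nsds5ReplConflict together with the DN it collides with. The sample entry, its DN and the function names are constructed for illustration, and the code assumes the "namingConflict <original DN>" value format shown in the output above.

```python
import re

# Constructed sample: ldapsearch output for one conflict entry, with LDIF
# line folding (continuation lines start with a single space).
SAMPLE_LDIF = """\
# extended LDIF
dn: nsuniqueid=00000000-11111111-22222222-33333333+uid=svcbind,cn=sysaccoun
 ts,cn=etc,dc=example,dc=test
uid: svcbind
objectClass: account
objectClass: simplesecurityobject
nsds5ReplConflict: namingConflict uid=svcbind,cn=sysaccounts,cn=etc,dc=exam
 ple,dc=test

# search result
search: 2
result: 0 Success
"""

def unfold(text):
    """Join LDIF continuation lines (RFC 2849: newline followed by one space)."""
    return re.sub(r"\r?\n ", "", text)

def parse_conflicts(ldif_text):
    """Return one dict per entry that carries an nsds5ReplConflict attribute."""
    conflicts = []
    # Entries are separated by blank lines once folded lines are rejoined.
    for block in re.split(r"\n\s*\n", unfold(ldif_text)):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comments and anything that is not attr: value
            key, value = line.split(": ", 1)
            attrs.setdefault(key.lower(), []).append(value)
        if "nsds5replconflict" not in attrs or "dn" not in attrs:
            continue
        # Assumed value format: "<conflict type> <DN of the colliding entry>"
        kind, _, original_dn = attrs["nsds5replconflict"][0].partition(" ")
        conflicts.append({
            "conflict_dn": attrs["dn"][0],
            "type": kind,
            "original_dn": original_dn,
        })
    return conflicts

if __name__ == "__main__":
    for c in parse_conflicts(SAMPLE_LDIF):
        print(f"{c['type']}: {c['conflict_dn']}\n  collides with {c['original_dn']}")
```

Running the same search against each replica and comparing the parsed lists shows whether every server holds the same conflict entries.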