[Freeipa-users] Re: Cannot get rid of a replica/agreement

Hi, is the topology at domain level 1 or domain level 0? # kinit admin # ipa domainlevel-get If the level is 1, the right command in order to remove a replica + ignore topology disconnect issues is # kinit admin # ipa server-del <hostname> --ignore-topology-disconnect The error "not allowed on non-leaf entry" means that the command tried to delete an LDAP entry which has child entries. You can have a look at the directory server logs in /var/log/dirsrv/slapd-IPA-TEST/access and look for a DEL operation which returned an error (something with RESULT err=<value different from 0>). HTH, flo

On Mon, Jul 5, 2021 at 10:45 PM lejeczek via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> wrote: Hi guys. Two masters from which third got disconnected in a "dirty" manner. -> $ ipa-replica-manage del midway.ccn.priv.dom Server removal aborted: Replication topology in suffix 'domain' is disconnected: Topology does not allow server love.ccn.priv.dom to replicate with servers:      midway.ccn.priv.dom Topology does not allow server midway.ccn.priv.dom to replicate with servers:      love.ccn.priv.dom      punch.ccn.priv.dom Topology does not allow server punch.ccn.priv.dom to replicate with servers:      midway.ccn.priv.dom. -> $ ipa topologysegment-find domain ----------------- 1 segment matched -----------------    Segment name: punch.ccn.priv.dom-to-love.ccn.priv.dom    Left node: punch.ccn.priv.dom    Right node: love.ccn.priv.dom    Connectivity: both ---------------------------- Number of entries returned 1 -> $ ipa-replica-manage del midway.ccn.priv.dom --force ipa: WARNING: /usr/lib/python3.6/site-packages/ipaserver/plugins/dogtag.py:1973: The subsystem in PKIConnection.__init__() has been deprecated (https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes <https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes>). Updating DNS system records Not allowed on non-leaf entry I've tried to 'reinitialize' but without success. Anybody care to share suggestions & thoughts? many thanks, L. _______________________________________________ FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ <https://docs.fedoraproject.org/en-US/project/code-of-conduct/> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines <https://fedoraproject.org/wiki/Mailing_list_guidelines> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho... <https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure <https://pagure.io/fedora-infrastructure>