Kristian Petersen via FreeIPA-users wrote:
My primary IPA server has failed. I was running a python script
against
IPA doing some user management when everything when unresponsive. I
couldn't even get in at a console to check what was going on. I ended
up rebooting it. After doing so, dirsrv wouldn't start because dse.ldif
was missing. I have copied this file over from a replica IPA server, so
dirsrv starts now. However, it seems that other services are unable to
connect to LDAP properly. DNS isn't resolving when querying the primary
even though ipactl shows named is running. smb and winbind won't start
and it appears to be a problem with connecting to LDAP. Is there a way
to check the integrity of my LDAP database? Or should I try to copy the
LDAP database form my working replica to the primary?
There should have been a dse.ldif.startOK which would have been better
to use. Given you have started the server already it is probably already
updated, losing the old values, but worth checking.
I know that at least the value of nsslapd-localhost has the hostname
stored. Replication agreements are also stored per-host in cn=config
(which is not replicated).
If the database were corrupted then 389-ds should detect it. I'm
suspecting that the dse.ldif from another master is the culprit.
rob