On 8/10/17 11:37 AM, Ian Harding via FreeIPA-users wrote:
[root@freeipa-sea ianh]# ldapsearch -LLL -D 'cn=directory manager' -W -b "cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config" "objectClass=nsds5replicationagreement" nsds5replicaLastUpdateStatus
Enter LDAP Password:
dn: cn=cloneAgreement1-freeipa-sea.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
nsds5replicaLastUpdateStatus: Error (32) Problem connecting to replica - LDAP error: No such object (connection error)
dn: cn=masterAgreement1-seattlenfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
nsds5replicaLastUpdateStatus: Error (19) Replication error acquiring replica: Replica has different database generation ID, remote replica may need to be initialized (RUV error)
and
[root@seattlenfs ianh]# ldapsearch -LLL -D 'cn=directory manager' -W -b "cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config" "objectClass=nsds5replicationagreement" nsds5replicaLastUpdateStatus
Enter LDAP Password:
dn: cn=cloneAgreement1-seattlenfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
nsds5replicaLastUpdateStatus: Error (19) Replication error acquiring replica: Replica has different database generation ID, remote replica may need to be initialized (RUV error)
So I know I need to ipa-csreplica-manage re-initialize --from freeipa-sea.bpt.rocks on seattlenfs, but also that it fails because of the above.
I think this is the root of the problem where the certificate is not replicated.
Anyone know how I can clean it up? I'm really sorry I've taken up so
much of your time. I really appreciate it.
The freeipa-dal problem may or may not be related...
[root@freeipa-sea ianh]# ipa-csreplica-manage list
Directory Manager password:
seattlenfs.bpt.rocks: master
freeipa-dal.bpt.rocks: CA not configured
freeipa-sea.bpt.rocks: master
[root@freeipa-sea ianh]# ipa-csreplica-manage del freeipa-dal.bpt.rocks
Directory Manager password:
'freeipa-sea.bpt.rocks' has no replication agreement for
'freeipa-dal.bpt.rocks'
[root@seattlenfs ~]# ipa-csreplica-manage list
Directory Manager password:
seattlenfs.bpt.rocks: master
freeipa-dal.bpt.rocks: CA not configured
freeipa-sea.bpt.rocks: master
[root@seattlenfs ~]# ipa-csreplica-manage del freeipa-dal.bpt.rocks
Directory Manager password:
'seattlenfs.bpt.rocks' has no replication agreement for
'freeipa-dal.bpt.rocks'
[root@seattlenfs ~]# ipa-replica-manage list-ruv
Directory Manager password:
Replica Update Vectors:
seattlenfs.bpt.rocks:389: 21
freeipa-sea.bpt.rocks:389: 20
Certificate Server Replica Update Vectors:
seattlenfs.bpt.rocks:389: 1290
freeipa-sea.bpt.rocks:389: 1065
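
The status check done by eye in the ldapsearch output above can be scripted. This is an added example, not part of the original message and not FreeIPA code: it unfolds LDIF continuation lines and lists agreements whose nsds5replicaLastUpdateStatus code is not 0. The hostnames and sample entries are constructed, and treating code 0 as the only healthy value is an assumption.

```python
import re

# Constructed sample: `ldapsearch -LLL` output with RFC 2849 folding
# (a continuation line begins with exactly one space). Hostnames are placeholders.
SAMPLE_LDIF = """\
dn: cn=cloneAgreement1-ipa1.example.test-pki-tomcat,cn=replica,cn=o\\3Dipac
 a,cn=mapping tree,cn=config
nsds5replicaLastUpdateStatus: Error (0) Replica acquired successfully: Incr
 emental update succeeded

dn: cn=masterAgreement1-ipa2.example.test-pki-tomcat,cn=replica,cn=o\\3Dipac
 a,cn=mapping tree,cn=config
nsds5replicaLastUpdateStatus: Error (19) Replication error acquiring replic
 a: Replica has different database generation ID, remote replica may need t
 o be initialized (RUV error)
"""

ATTR = "nsds5replicaLastUpdateStatus: "
STATUS_RE = re.compile(r"^Error \((-?\d+)\)\s*(.*)$")

def unfold(ldif):
    """Join folded LDIF lines: a line starting with a space continues the previous one."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # drop only the single fold marker
        else:
            lines.append(raw)
    return lines

def parse_agreements(ldif):
    """Return (dn, code, message) for each agreement; code is None if unparseable."""
    results, dn = [], None
    for line in unfold(ldif):
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith(ATTR) and dn:
            value = line[len(ATTR):]
            m = STATUS_RE.match(value)
            results.append((dn, int(m.group(1)), m.group(2)) if m else (dn, None, value))
    return results

def failing(ldif):
    """Agreements whose last update did not report code 0 (assumed to mean success)."""
    return [r for r in parse_agreements(ldif) if r[1] != 0]

if __name__ == "__main__":
    for dn, code, msg in failing(SAMPLE_LDIF):
        print(f"code={code} {dn}\n    {msg}")
```

Base64-encoded values (`dn:: ...`) are not decoded here; an entry with an unrecognised status format is reported as failing so that it gets looked at.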