Hi rob,
Thanks a lot for replying back.
Things I tried
# clean-ruv via ipa-replica-manage
$ ipa-replica-manage clean-ruv 52 -f
Directory Manager password:
Replica ID 52 not found $
# clean-ruv job via ldapmodify ldif
$ cat cleanruv.ldif dn: cn=replica,cn=dc\3Ddicomp\2Cdc\3Dnet,cn=mapping tree,cn=config changetype: modify replace: nsds5task nsds5task: CLEANRUV52 $ $ ldapmodify -H ldap://$(hostname) -D "cn=Directory Manager" -W -f cleanruv.ldif Enter LDAP Password: modifying entry "cn=replica,cn=dc\3Ddicomp\2Cdc\3Dnet,cn=mapping tree,cn=config" $ Although this task says its modifying entry, the atrribute remains as such.
# manual ldap modify to delete the attribute
$ cat clean-ghost-repl.ldif
dn: cn=replica,cn=dc\3Ddicomp\2Cdc\3Dnet,cn=mapping tree,cn=config
changetype: modify
delete: nsruvReplicaLastModified
nsruvReplicaLastModified: {replica 52} 66a9cd67 $ $ ldapmodify -H ldap://$(hostname) -D "cn=Directory Manager" -W -f clean-ghost-repl.ldif
Enter LDAP Password:
modifying entry "cn=replica,cn=dc\3Ddicomp\2Cdc\3Dnet,cn=mapping tree,cn=config"
ldap_modify: Server is unwilling to perform (53)
additional info: Deletion of nsruvReplicaLastModified attribute is not allowed $
I have not tried to induce a cleanallruv task via an ldif, I thought cleanallruv is a globally replicated task similar to cleanruv just running on the local replica ? Does it still make sense to try a cleanallruv via ldapmodify as mentioned in https://www.port389.org/docs/389ds/howto/howto-cleanruv.html ?