You can use ldapmodify to drop the oxygen entry.
defaultServerList is used for some kinds of discovery (DUA profiles).
rob
Thanks again for your help!
Jamal
<
http://www.egg.ie/>
*Jamal Mahmoud* / Pipeline TD
jamal.mahmoud(a)egg.ie <mailto:jamal.mahmoud@egg.ie>
35 Fitzwilliam Street Upper, Dublin.
P: +353 1 6345440
Twitter <
https://twitter.com/EggPost> Facebook
<
https://www.facebook.com/egg.post/> LinkedIn
<
http://www.linkedin.com/in/jamalmahmoud> Vimeo
<
https://vimeo.com/user9887735>
On 14 February 2018 at 16:20, thierry bordaz <tbordaz(a)redhat.com
<mailto:tbordaz@redhat.com>> wrote:
I think it is okay to do the delete.
topology plugin is a reader of master container and should take into
account those changes. Now it may require a restart.
Just for your information I will be out of the office tonight being
back Feb 23rd
best regards
thierry
On 02/14/2018 04:25 PM, Jamal Mahmoud wrote:
> Would it hurt to try running those ldapdelete commands? or would
> that make it worse?
>
> Thanks for your help Thierry,
>
> <
http://www.egg.ie/>
>
>
>
> *Jamal Mahmoud* / Pipeline TD
> jamal.mahmoud(a)egg.ie <mailto:jamal.mahmoud@egg.ie>
>
> 35 Fitzwilliam Street Upper, Dublin.
> P: +353 1 6345440 <tel:+353%201%20634%205440>
>
> Twitter <
https://twitter.com/EggPost> Facebook
> <
https://www.facebook.com/egg.post/> LinkedIn
> <
http://www.linkedin.com/in/jamalmahmoud> Vimeo
> <
https://vimeo.com/user9887735>
>
>
>
>
>
> On 14 February 2018 at 14:56, thierry bordaz <tbordaz(a)redhat.com
> <mailto:tbordaz@redhat.com>> wrote:
>
> Hummm... to be honest I have not the skill of support guys to
> get rid of conflicts in IPA :(
>
> Removing the conflicts entries under 'masters' should relax
> topology plugin to accept deletion of the segments.
> You may ping again freeipa-users to get more advice how to
> repair a topology with conflicts entries.
>
> We know that we have a former server that is a conflict entry
> under 'master'.
> Also that it exists segments to that server, likely because
> topology plugin hit the same issues than others IPA CLI.
>
> On 02/14/2018 03:43 PM, Jamal Mahmoud wrote:
>> Haha! I almost went ahead and ran those deletes without
>> thinking! Sick of oxygen at this point!
>> Okay so I grepped oxygen from that output file and if i'm not
>> mistaken there are references to it in the topology.
>>
>> dn: cn=nitrogen.eggvfx.ie-to-oxygen.eggvfx.ie
>>
<
http://nitrogen.eggvfx.ie-to-oxygen.eggvfx.ie>,cn=domain,cn=topology,c...
>> cn: nitrogen.eggvfx.ie-to-oxygen.eggvfx.ie
>> <
http://nitrogen.eggvfx.ie-to-oxygen.eggvfx.ie>
>> ipaReplTopoSegmentRightNode: oxygen.eggvfx.ie
>> <
http://oxygen.eggvfx.ie>
>> dn: cn=nitrogen.eggvfx.ie-to-oxygen.eggvfx.ie
>>
<
http://nitrogen.eggvfx.ie-to-oxygen.eggvfx.ie>,cn=ca,cn=topology,cn=ip...,
>> cn: nitrogen.eggvfx.ie-to-oxygen.eggvfx.ie
>> <
http://nitrogen.eggvfx.ie-to-oxygen.eggvfx.ie>
>> ipaReplTopoSegmentRightNode: oxygen.eggvfx.ie
>> <
http://oxygen.eggvfx.ie>
>> dn: cn=oxygen.eggvfx.ie
>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a7...
>> cn: oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie>
>>
>>
>> I see that some of the lines have been truncated but you can
>> see the start of some lines point to segment nodes with
>> Nitrogen, is it okay still to run this ldapdelete?
>>
>>
>> <
http://www.egg.ie/>
>>
>>
>>
>> *Jamal Mahmoud* / Pipeline TD
>> jamal.mahmoud(a)egg.ie <mailto:jamal.mahmoud@egg.ie>
>>
>> 35 Fitzwilliam Street Upper, Dublin.
>> P: +353 1 6345440 <tel:+353%201%20634%205440>
>>
>> Twitter <
https://twitter.com/EggPost> Facebook
>> <
https://www.facebook.com/egg.post/> LinkedIn
>> <
http://www.linkedin.com/in/jamalmahmoud> Vimeo
>> <
https://vimeo.com/user9887735>
>>
>>
>>
>>
>>
>> On 14 February 2018 at 14:37, thierry bordaz
>> <tbordaz(a)redhat.com <mailto:tbordaz@redhat.com>> wrote:
>>
>> Okay,
>>
>> So master 'oxygen' was a conflicts as well as all its
>> services (NTP, KDC...).
>> My understanding is that 'oxygen' is no longer part of
>> the topology. So I think removing all its children and
>> then the master would solve your issue.
>>
>> ldapdelete -D "cn=directory manager" -W
>> "cn=oxygen.eggvfx.ie
>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a7...
>>
>>
>> ldapdelete -D "cn=directory manager" -W
>>
"cn=NTP+nsuniqueid=65aeb78a-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a7...
>>
>> ldapdelete -D "cn=directory manager" -W
>>
"cn=KDC+nsuniqueid=65aeb78c-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a7...
>>
>> ldapdelete -D "cn=directory manager" -W
>>
"cn=KPASSWD+nsuniqueid=65aeb78d-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a7...
>>
>> ldapdelete -D "cn=directory manager" -W
>>
"cn=HTTP+nsuniqueid=72cba68b-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a7...
>>
>> ldapdelete -D "cn=directory manager" -W
>>
"cn=OTPD+nsuniqueid=72cba68c-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a7...
>>
>> ldapdelete -D "cn=directory manager" -W
>>
"cn=KEYS+nsuniqueid=72cba68d-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a7...
>>
>> But before doing that I would first check if it remains
>> reference to oxygen somewhere.
>>
>> ldapsearch -LLL -D "cn=directory manager" -W -b
>> "dc=eggvfx,dc=ie" "(objectclass=*)" >
/tmp/all_db
>>
>> then search for 'oxygen' into /tmp/all_db and check it
>> appears only in those conflict entries.
>>
>>
>> On 02/14/2018 03:22 PM, Jamal Mahmoud wrote:
>>> Here it is! If there is anything else don't hesitate to
>>> ask me!
>>>
>>> [root@lithium ~]# ldapsearch -D "cn=directory manager"
>>> -W -b "cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>> "(nsds5ReplConflict=*)" dn
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie> with
>>> scope subtree
>>> # filter: (nsds5ReplConflict=*)
>>> # requesting: dn
>>> #
>>>
>>> # oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> +
>>> 562f6f20-04de11e8-a003fb96-902b0a77, masters, ipa, etc, eg
>>> gvfx.ie <
http://gvfx.ie>
>>> dn: cn=oxygen.eggvfx.ie
>>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a7...
>>> ers,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>
>>> # NTP + 65aeb78a-04de11e8-a003fb96-902b0a77,
>>> oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> +
562f6f20-04de11
>>> e8-a003fb96-902b0a77, masters, ipa, etc, eggvfx.ie
>>> <
http://eggvfx.ie>
>>> dn:
>>>
cn=NTP+nsuniqueid=65aeb78a-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>> <
http://oxygen.eggvfx.ie>+
>>>
nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,cn=masters,cn=ipa,cn=etc,dc=eg
>>> gvfx,dc=ie
>>>
>>> # KDC + 65aeb78c-04de11e8-a003fb96-902b0a77,
>>> oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> +
562f6f20-04de11
>>> e8-a003fb96-902b0a77, masters, ipa, etc, eggvfx.ie
>>> <
http://eggvfx.ie>
>>> dn:
>>>
cn=KDC+nsuniqueid=65aeb78c-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>> <
http://oxygen.eggvfx.ie>+
>>>
nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,cn=masters,cn=ipa,cn=etc,dc=eg
>>> gvfx,dc=ie
>>>
>>> # KPASSWD + 65aeb78d-04de11e8-a003fb96-902b0a77,
>>> oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> + 562f6f20-04
>>> de11e8-a003fb96-902b0a77, masters, ipa, etc, eggvfx.ie
>>> <
http://eggvfx.ie>
>>> dn:
>>>
cn=KPASSWD+nsuniqueid=65aeb78d-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx
>>>
.ie+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,cn=masters,cn=ipa,cn=etc,d
>>> c=eggvfx,dc=ie
>>>
>>> # HTTP + 72cba68b-04de11e8-a003fb96-902b0a77,
>>> oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> +
562f6f20-04de1
>>> 1e8-a003fb96-902b0a77, masters, ipa, etc, eggvfx.ie
>>> <
http://eggvfx.ie>
>>> dn:
>>>
cn=HTTP+nsuniqueid=72cba68b-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>> <
http://oxygen.eggvfx.ie>
>>>
+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,cn=masters,cn=ipa,cn=etc,dc=e
>>> ggvfx,dc=ie
>>>
>>> # OTPD + 72cba68c-04de11e8-a003fb96-902b0a77,
>>> oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> +
562f6f20-04de1
>>> 1e8-a003fb96-902b0a77, masters, ipa, etc, eggvfx.ie
>>> <
http://eggvfx.ie>
>>> dn:
>>>
cn=OTPD+nsuniqueid=72cba68c-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>> <
http://oxygen.eggvfx.ie>
>>>
+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,cn=masters,cn=ipa,cn=etc,dc=e
>>> ggvfx,dc=ie
>>>
>>> # KEYS + 72cba68d-04de11e8-a003fb96-902b0a77,
>>> oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> +
562f6f20-04de1
>>> 1e8-a003fb96-902b0a77, masters, ipa, etc, eggvfx.ie
>>> <
http://eggvfx.ie>
>>> dn:
>>>
cn=KEYS+nsuniqueid=72cba68d-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>> <
http://oxygen.eggvfx.ie>
>>>
+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,cn=masters,cn=ipa,cn=etc,dc=e
>>> ggvfx,dc=ie
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 8
>>> # numEntries: 7
>>>
>>> Many Thanks,
>>>
>>> <
http://www.egg.ie/>
>>>
>>>
>>>
>>> *Jamal Mahmoud* / Pipeline TD
>>> jamal.mahmoud(a)egg.ie <mailto:jamal.mahmoud@egg.ie>
>>>
>>> 35 Fitzwilliam Street Upper, Dublin
>>>
<
https://maps.google.com/?q=35+Fitzwilliam+Street+Upper,+Dublin&entry=...
>>> P: +353 1 6345440 <tel:+353%201%20634%205440>
>>>
>>> Twitter <
https://twitter.com/EggPost> Facebook
>>> <
https://www.facebook.com/egg.post/> LinkedIn
>>> <
http://www.linkedin.com/in/jamalmahmoud> Vimeo
>>> <
https://vimeo.com/user9887735>
>>>
>>>
>>>
>>>
>>>
>>> On 14 February 2018 at 14:00, thierry bordaz
>>> <tbordaz(a)redhat.com <mailto:tbordaz@redhat.com>>
wrote:
>>>
>>> Jamal,
>>>
>>> sorry to iterate but I would like to have a complete
>>> view before deleting entries.
>>>
>>> What is the outpout of
>>> ldapsearch -D "cn=directory manager" -W -b
>>> "cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>> "(nsds5ReplConflict=*)" dn
>>>
>>>
>>> On 02/14/2018 02:43 PM, Jamal Mahmoud wrote:
>>>> Oh i see! Here is the output from that command:
>>>>
>>>> [root@lithium ~]# ldapsearch -D "cn=directory
>>>> manager" -W -b
>>>> "cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>
"(|(objectclass=*)(objectclass=nstombstone)(objectclass=ldapsubentry))"
>>>> Enter LDAP Password:
>>>> # extended LDIF
>>>> #
>>>> # LDAPv3
>>>> # base <cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie>
>>>> with scope subtree
>>>> # filter:
>>>>
(|(objectclass=*)(objectclass=nstombstone)(objectclass=ldapsubentry))
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # masters, ipa, etc, eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: top
>>>> cn: masters
>>>>
>>>> # nitrogen.eggvfx.ie <
http://nitrogen.eggvfx.ie>,
>>>> masters, ipa, etc, eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=nitrogen.eggvfx.ie
>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> ipaMaxDomainLevel: 1
>>>> ipaMinDomainLevel: 0
>>>> ipaReplTopoManagedSuffix: dc=eggvfx,dc=ie
>>>> ipaReplTopoManagedSuffix: o=ipaca
>>>> cn: nitrogen.eggvfx.ie <
http://nitrogen.eggvfx.ie>
>>>> objectClass: top
>>>> objectClass: nsContainer
>>>> objectClass: ipaReplTopoManagedServer
>>>> objectClass: ipaConfigObject
>>>> objectClass: ipaSupportedDomainLevelConfig
>>>>
>>>> # 4184b79c-efc211e7-a445c156-0137f91d,
>>>> lithium.eggvfx.ie <
http://lithium.eggvfx.ie>,
>>>> masters, ipa, etc, eg
>>>> gvfx.ie <
http://gvfx.ie>
>>>> dn:
>>>>
nsuniqueid=4184b79c-efc211e7-a445c156-0137f91d,cn=lithium.eggvfx.ie
>>>> <
http://lithium.eggvfx.ie>,cn=mas
>>>> ters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> nstombstonecsn: 5a4b902b001c00070000
>>>> nsParentUniqueId: 0ae096b3-9c8a11e7-917dfdf1-4323123d
>>>> ipaMaxDomainLevel: 1
>>>> ipaMinDomainLevel: 0
>>>> ipaReplTopoManagedSuffix: dc=eggvfx,dc=ie
>>>> cn: lithium.eggvfx.ie <
http://lithium.eggvfx.ie>
>>>> objectClass: top
>>>> objectClass: nsContainer
>>>> objectClass: ipaReplTopoManagedServer
>>>> objectClass: ipaConfigObject
>>>> objectClass: ipaSupportedDomainLevelConfig
>>>> objectClass: nsTombstone
>>>>
>>>> # NTP, nitrogen.eggvfx.ie
>>>> <
http://nitrogen.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=NTP,cn=nitrogen.eggvfx.ie
>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> cn: NTP
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 45
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>>
>>>> # KDC, nitrogen.eggvfx.ie
>>>> <
http://nitrogen.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=KDC,cn=nitrogen.eggvfx.ie
>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> cn: KDC
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 10
>>>> ipaConfigString: kdcProxyEnabled
>>>> ipaConfigString: pkinitEnabled
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>>
>>>> # KPASSWD, nitrogen.eggvfx.ie
>>>> <
http://nitrogen.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=KPASSWD,cn=nitrogen.eggvfx.ie
>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> cn: KPASSWD
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 20
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>>
>>>> # HTTP, nitrogen.eggvfx.ie
>>>> <
http://nitrogen.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=HTTP,cn=nitrogen.eggvfx.ie
>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> cn: HTTP
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 40
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>>
>>>> # OTPD, nitrogen.eggvfx.ie
>>>> <
http://nitrogen.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=OTPD,cn=nitrogen.eggvfx.ie
>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> cn: OTPD
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 80
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>>
>>>> # KEYS, nitrogen.eggvfx.ie
>>>> <
http://nitrogen.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=KEYS,cn=nitrogen.eggvfx.ie
>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> cn: KEYS
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 41
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>>
>>>> # CA, nitrogen.eggvfx.ie
>>>> <
http://nitrogen.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=CA,cn=nitrogen.eggvfx.ie
>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> cn: CA
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 50
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>>
>>>> # DNS, nitrogen.eggvfx.ie
>>>> <
http://nitrogen.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=DNS,cn=nitrogen.eggvfx.ie
>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> cn: DNS
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 30
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>>
>>>> # DNSKeySync, nitrogen.eggvfx.ie
>>>> <
http://nitrogen.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=DNSKeySync,cn=nitrogen.eggvfx.ie
>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=
>>>> ie
>>>> cn: DNSKeySync
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 110
>>>> ipaConfigString: dnssecVersion 1
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>>
>>>> # lithium.eggvfx.ie <
http://lithium.eggvfx.ie>,
>>>> masters, ipa, etc, eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=lithium.eggvfx.ie
>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> objectClass: top
>>>> objectClass: nsContainer
>>>> objectClass: ipaReplTopoManagedServer
>>>> objectClass: ipaConfigObject
>>>> objectClass: ipaSupportedDomainLevelConfig
>>>> cn: lithium.eggvfx.ie <
http://lithium.eggvfx.ie>
>>>> ipaReplTopoManagedSuffix: dc=eggvfx,dc=ie
>>>> ipaReplTopoManagedSuffix: o=ipaca
>>>> ipaMinDomainLevel: 0
>>>> ipaMaxDomainLevel: 1
>>>>
>>>> # NTP, lithium.eggvfx.ie
>>>> <
http://lithium.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=NTP,cn=lithium.eggvfx.ie
>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 45
>>>> cn: NTP
>>>>
>>>> # KDC, lithium.eggvfx.ie
>>>> <
http://lithium.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=KDC,cn=lithium.eggvfx.ie
>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 10
>>>> ipaConfigString: kdcProxyEnabled
>>>> ipaConfigString: pkinitEnabled
>>>> cn: KDC
>>>>
>>>> # KPASSWD, lithium.eggvfx.ie
>>>> <
http://lithium.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=KPASSWD,cn=lithium.eggvfx.ie
>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 20
>>>> cn: KPASSWD
>>>>
>>>> # HTTP, lithium.eggvfx.ie
>>>> <
http://lithium.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=HTTP,cn=lithium.eggvfx.ie
>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 40
>>>> cn: HTTP
>>>>
>>>> # OTPD, lithium.eggvfx.ie
>>>> <
http://lithium.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=OTPD,cn=lithium.eggvfx.ie
>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 80
>>>> cn: OTPD
>>>>
>>>> # KEYS, lithium.eggvfx.ie
>>>> <
http://lithium.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=KEYS,cn=lithium.eggvfx.ie
>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 41
>>>> cn: KEYS
>>>>
>>>> # CA, lithium.eggvfx.ie
<
http://lithium.eggvfx.ie>,
>>>> masters, ipa, etc, eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=CA,cn=lithium.eggvfx.ie
>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 50
>>>> ipaConfigString: caRenewalMaster
>>>> cn: CA
>>>>
>>>> # DNS, lithium.eggvfx.ie
>>>> <
http://lithium.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=DNS,cn=lithium.eggvfx.ie
>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 30
>>>> cn: DNS
>>>>
>>>> # DNSKeySync, lithium.eggvfx.ie
>>>> <
http://lithium.eggvfx.ie>, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=DNSKeySync,cn=lithium.eggvfx.ie
>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=i
>>>> e
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 110
>>>> ipaConfigString: dnssecVersion 1
>>>> cn: DNSKeySync
>>>>
>>>> # oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> +
>>>> 562f6f20-04de11e8-a003fb96-902b0a77, masters, ipa,
>>>> etc, eg
>>>> gvfx.ie <
http://gvfx.ie>
>>>> dn: cn=oxygen.eggvfx.ie
>>>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a7...
>>>> ers,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> objectClass: top
>>>> objectClass: nsContainer
>>>> objectClass: ipaReplTopoManagedServer
>>>> objectClass: ipaConfigObject
>>>> objectClass: ipaSupportedDomainLevelConfig
>>>> cn: oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie>
>>>> ipaReplTopoManagedSuffix: dc=eggvfx,dc=ie
>>>> ipaReplTopoManagedSuffix: o=ipaca
>>>> ipaMinDomainLevel: 0
>>>> ipaMaxDomainLevel: 1
>>>>
>>>> # NTP + 65aeb78a-04de11e8-a003fb96-902b0a77,
>>>> oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> +
>>>> 562f6f20-04de11
>>>> e8-a003fb96-902b0a77, masters, ipa, etc, eggvfx.ie
>>>> <
http://eggvfx.ie>
>>>> dn:
>>>>
cn=NTP+nsuniqueid=65aeb78a-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>>> <
http://oxygen.eggvfx.ie>+
>>>>
nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,cn=masters,cn=ipa,cn=etc,dc=eg
>>>> gvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 45
>>>> cn: NTP
>>>>
>>>> # KDC + 65aeb78c-04de11e8-a003fb96-902b0a77,
>>>> oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> +
>>>> 562f6f20-04de11
>>>> e8-a003fb96-902b0a77, masters, ipa, etc, eggvfx.ie
>>>> <
http://eggvfx.ie>
>>>> dn:
>>>>
cn=KDC+nsuniqueid=65aeb78c-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>>> <
http://oxygen.eggvfx.ie>+
>>>>
nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,cn=masters,cn=ipa,cn=etc,dc=eg
>>>> gvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 10
>>>> ipaConfigString: kdcProxyEnabled
>>>> ipaConfigString: pkinitEnabled
>>>> cn: KDC
>>>>
>>>> # KPASSWD + 65aeb78d-04de11e8-a003fb96-902b0a77,
>>>> oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> +
>>>> 562f6f20-04
>>>> de11e8-a003fb96-902b0a77, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn:
>>>>
cn=KPASSWD+nsuniqueid=65aeb78d-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx
>>>>
.ie+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,cn=masters,cn=ipa,cn=etc,d
>>>> c=eggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 20
>>>> cn: KPASSWD
>>>>
>>>> # HTTP + 72cba68b-04de11e8-a003fb96-902b0a77,
>>>> oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> +
>>>> 562f6f20-04de1
>>>> 1e8-a003fb96-902b0a77, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn:
>>>>
cn=HTTP+nsuniqueid=72cba68b-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>>> <
http://oxygen.eggvfx.ie>
>>>>
+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,cn=masters,cn=ipa,cn=etc,dc=e
>>>> ggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 40
>>>> cn: HTTP
>>>>
>>>> # OTPD + 72cba68c-04de11e8-a003fb96-902b0a77,
>>>> oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> +
>>>> 562f6f20-04de1
>>>> 1e8-a003fb96-902b0a77, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn:
>>>>
cn=OTPD+nsuniqueid=72cba68c-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>>> <
http://oxygen.eggvfx.ie>
>>>>
+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,cn=masters,cn=ipa,cn=etc,dc=e
>>>> ggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 80
>>>> cn: OTPD
>>>>
>>>> # KEYS + 72cba68d-04de11e8-a003fb96-902b0a77,
>>>> oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> +
>>>> 562f6f20-04de1
>>>> 1e8-a003fb96-902b0a77, masters, ipa, etc,
>>>> eggvfx.ie <
http://eggvfx.ie>
>>>> dn:
>>>>
cn=KEYS+nsuniqueid=72cba68d-04de11e8-a003fb96-902b0a77,cn=oxygen.eggvfx.ie
>>>> <
http://oxygen.eggvfx.ie>
>>>>
+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,cn=masters,cn=ipa,cn=etc,dc=e
>>>> ggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 41
>>>> cn: KEYS
>>>>
>>>> # CA, oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie> +
>>>> 562f6f20-04de11e8-a003fb96-902b0a77, masters, ipa, etc
>>>> , eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=CA,cn=oxygen.eggvfx.ie
>>>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,c
>>>> n=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 50
>>>> cn: CA
>>>>
>>>> # DNS, oxygen.eggvfx.ie <
http://oxygen.eggvfx.ie>
+
>>>> 562f6f20-04de11e8-a003fb96-902b0a77, masters, ipa, et
>>>> c, eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=DNS,cn=oxygen.eggvfx.ie
>>>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a77,
>>>> cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 30
>>>> cn: DNS
>>>>
>>>> # DNSKeySync, oxygen.eggvfx.ie
>>>> <
http://oxygen.eggvfx.ie> +
>>>> 562f6f20-04de11e8-a003fb96-902b0a77, masters,
>>>> ipa, etc, eggvfx.ie <
http://eggvfx.ie>
>>>> dn: cn=DNSKeySync,cn=oxygen.eggvfx.ie
>>>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-90
>>>> 2b0a77,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>> objectClass: nsContainer
>>>> objectClass: ipaConfigObject
>>>> objectClass: top
>>>> ipaConfigString: enabledService
>>>> ipaConfigString: startOrder 110
>>>> ipaConfigString: dnssecVersion 1
>>>> cn: DNSKeySync
>>>>
>>>> # search result
>>>> search: 2
>>>> result: 0 Success
>>>>
>>>> # numResponses: 33
>>>> # numEntries: 32
>>>>
>>>>
>>>> <
http://www.egg.ie/>
>>>>
>>>>
>>>>
>>>> *Jamal Mahmoud* / Pipeline TD
>>>> jamal.mahmoud(a)egg.ie <mailto:jamal.mahmoud@egg.ie>
>>>>
>>>> 35 Fitzwilliam Street Upper, Dublin
>>>>
<
https://maps.google.com/?q=35+Fitzwilliam+Street+Upper,+Dublin&entry=...
>>>> P: +353 1 6345440 <tel:+353%201%20634%205440>
>>>>
>>>> Twitter <
https://twitter.com/EggPost> Facebook
>>>> <
https://www.facebook.com/egg.post/> LinkedIn
>>>> <
http://www.linkedin.com/in/jamalmahmoud> Vimeo
>>>> <
https://vimeo.com/user9887735>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 14 February 2018 at 13:39, thierry bordaz
>>>> <tbordaz(a)redhat.com
<mailto:tbordaz@redhat.com>> wrote:
>>>>
>>>> Jamal,
>>>>
>>>> sorry I was not clear. Before deleting it can
>>>> you provide
>>>>
>>>> ldapsearch -D "cn=directory manager" -W -b
>>>> "cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>
"(|(objectclass=*)(objectclass=nstombstone)(objectclass=ldapsubentry))"
>>>>
>>>> On 02/14/2018 02:30 PM, Jamal Mahmoud wrote:
>>>>> Thank you Thierry, so from hat i understand is
>>>>> that if i delete oxygen from the entries, it
>>>>> should be resolved? how do i go about deleting
>>>>> it though? Not sure where to look/command to
run.
>>>>>
>>>>> Thanks again,
>>>>> Jamal
>>>>>
>>>>> On Wed 14 Feb 2018 at 13:27, thierry bordaz
>>>>> <tbordaz(a)redhat.com
>>>>> <mailto:tbordaz@redhat.com>> wrote:
>>>>>
>>>>> Hi Jamal,
>>>>>
>>>>> The problem comes from a conflict entry
>>>>>
>>>>> dn: cn=nitrogen.eggvfx.ie
>>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>>>
cn;vucsn-5a2841c1000200070000;mdcsn-5a2841c1000200070000:
>>>>> nitrogen.eggvfx.ie
>>>>> <
http://nitrogen.eggvfx.ie>
>>>>>
>>>>> dn: cn=lithium.eggvfx.ie
>>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>>>
cn;vucsn-5a4b93bc0002000b0000;mdcsn-5a4b93bc0002000b0000:
>>>>> lithium.eggvfx.ie
>>>>> <
http://lithium.eggvfx.ie>
>>>>>
>>>>> dn: cn=oxygen.eggvfx.ie
>>>>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a7...
>>>>>
cn;vucsn-5a6ef6390002000d0000;mdcsn-5a6ef6390002000d0000:
>>>>> oxygen.eggvfx.ie
<
http://oxygen.eggvfx.ie>
>>>>>
nsds5ReplConflict;vucsn-5a6ef6390002000d0000:
>>>>> namingConflict cn=oxygen.eggvfx.ie
>>>>>
<
http://oxygen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>>>
>>>>> There are 3 masters, but oxygen is a
>>>>> conflict entry. IPA CLI is using its
'cn'
>>>>> value to retrieve (cn=oxygen.eggvfx.ie
>>>>> <
http://oxygen.eggvfx.ie> conctenated
with
>>>>> cn=masters,...)
>>>>>
>>>>> oxygen was added in parallel on two hosts.
>>>>> Making the one added on ReplicaId=0x000d a
>>>>> conflict.
>>>>> Later oxygen was removed but the dangling
>>>>> conflict has not been clean up. I suspect
>>>>> this dangling master should be present on
>>>>> all servers
>>>>>
>>>>> ldapsearch -D "cn=directory
manager"
>>>>> -W -b
>>>>>
"cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>> "(nsds5ReplConflict=*)"
>>>>>
>>>>>
>>>>> Conflicts are visible to regular search
>>>>> and IPA is fighting with them (this is
>>>>> going to be fixed).
>>>>> If this entry is the only conflict in the
>>>>> 'master' container and without any
>>>>> children, I think you may delete it.
>>>>>
>>>>> best regards
>>>>> theirry
>>>>>
>>>>>
>>>>>
>>>>> On 02/14/2018 12:31 PM, Jamal Mahmoud wrote:
>>>>>> Sure thing Thierry!
>>>>>>
>>>>>>
>>>>>>
---------------------------------------------------------------------------------------------------------------------------
>>>>>> For the First Command:
>>>>>>
---------------------------------------------------------------------------------------------------------------------------
>>>>>>
>>>>>> [root@lithium ~]# ldapsearch -D
>>>>>> "cn=directory manager" -W -b
>>>>>>
"cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" -s
>>>>>> one 'objectclass=*' nscpentrywsi
>>>>>> Enter LDAP Password:
>>>>>> # extended LDIF
>>>>>> #
>>>>>> # LDAPv3
>>>>>> # base
>>>>>>
<cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie> with
>>>>>> scope oneLevel
>>>>>> # filter: objectclass=*
>>>>>> # requesting: nscpentrywsi
>>>>>> #
>>>>>>
>>>>>> # nitrogen.eggvfx.ie
>>>>>> <
http://nitrogen.eggvfx.ie>,
masters,
>>>>>> ipa, etc, eggvfx.ie
<
http://eggvfx.ie>
>>>>>> dn: cn=nitrogen.eggvfx.ie
>>>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>>>> nscpentrywsi: dn: cn=nitrogen.eggvfx.ie
>>>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=
>>>>>> ie
>>>>>> nscpentrywsi: entryid: 551
>>>>>> nscpentrywsi: parentid: 522
>>>>>> nscpentrywsi:
>>>>>>
createTimestamp;vucsn-5a2841c1000200070000:
>>>>>> 20171206191415Z
>>>>>> nscpentrywsi:
>>>>>> creatorsName;vucsn-5a2841c1000200070000:
>>>>>> cn=Directory Manager
>>>>>> nscpentrywsi:
>>>>>>
ipaMaxDomainLevel;vucsn-5a2841c1000200070000:
>>>>>> 1
>>>>>> nscpentrywsi:
>>>>>>
ipaMinDomainLevel;vucsn-5a2841c1000200070000:
>>>>>> 0
>>>>>> nscpentrywsi:
>>>>>>
ipaReplTopoManagedSuffix;vucsn-5a2841c1000200070000:
>>>>>> dc=eggvfx,d
>>>>>> c=ie
>>>>>> nscpentrywsi:
>>>>>>
ipaReplTopoManagedSuffix;vucsn-5a2841f5000000070000:
>>>>>> o=ipaca
>>>>>> nscpentrywsi:
>>>>>>
cn;vucsn-5a2841c1000200070000;mdcsn-5a2841c1000200070000:
>>>>>> nitrog
>>>>>> en.eggvfx.ie
<
http://en.eggvfx.ie>
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a2841c1000200070000:
top
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a2841c1000200070000:
>>>>>> nsContainer
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a2841c1000200070000:
>>>>>> ipaReplTopoManagedServer
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a2841c1000200070000:
>>>>>> ipaConfigObject
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a2841c1000200070000:
>>>>>> ipaSupportedDomainLevelC
>>>>>> onfig
>>>>>> nscpentrywsi:
>>>>>>
modifiersName;adcsn-5a2841f5000000070001;vucsn-5a2841f5000000070
>>>>>> 001: cn=Directory Manager
>>>>>> nscpentrywsi:
>>>>>>
modifyTimestamp;adcsn-5a2841f5000000070002;vucsn-5a2841f50000000
>>>>>> 70002: 20171206191507Z
>>>>>> nscpentrywsi: nsUniqueId:
>>>>>> 9fa0a6a0-dab911e7-9b12a63c-96e53ac2
>>>>>> nscpentrywsi: entryusn: 2
>>>>>> nscpentrywsi: numSubordinates: 9
>>>>>>
>>>>>> # lithium.eggvfx.ie
>>>>>> <
http://lithium.eggvfx.ie>,
masters, ipa,
>>>>>> etc, eggvfx.ie <
http://eggvfx.ie>
>>>>>> dn: cn=lithium.eggvfx.ie
>>>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>>>> nscpentrywsi: dn: cn=lithium.eggvfx.ie
>>>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=i
>>>>>> e
>>>>>> nscpentrywsi:
>>>>>>
entryusn;adcsn-5a4b93f60000000b0003;vucsn-5a4b93f60000000b0003:
>>>>>> 54
>>>>>> nscpentrywsi:
>>>>>>
modifyTimestamp;adcsn-5a4b93f60000000b0002;vucsn-5a4b93f60000000
>>>>>> b0002: 20180102141420Z
>>>>>> nscpentrywsi:
>>>>>>
modifiersName;adcsn-5a4b93f60000000b0001;vucsn-5a4b93f60000000b0
>>>>>> 001: cn=Directory Manager
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a4b93bc0002000b0000:
top
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a4b93bc0002000b0000:
>>>>>> nsContainer
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a4b93bc0002000b0000:
>>>>>> ipaReplTopoManagedServer
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a4b93bc0002000b0000:
>>>>>> ipaConfigObject
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a4b93bc0002000b0000:
>>>>>> ipaSupportedDomainLevelC
>>>>>> onfig
>>>>>> nscpentrywsi:
>>>>>>
cn;vucsn-5a4b93bc0002000b0000;mdcsn-5a4b93bc0002000b0000:
>>>>>> lithiu
>>>>>> m.eggvfx.ie <
http://m.eggvfx.ie>
>>>>>> nscpentrywsi:
>>>>>>
ipaReplTopoManagedSuffix;vucsn-5a4b93bc0002000b0000:
>>>>>> dc=eggvfx,d
>>>>>> c=ie
>>>>>> nscpentrywsi:
>>>>>>
ipaReplTopoManagedSuffix;vucsn-5a4b93f60000000b0000:
>>>>>> o=ipaca
>>>>>> nscpentrywsi:
>>>>>>
ipaMinDomainLevel;vucsn-5a4b93bc0002000b0000:
>>>>>> 0
>>>>>> nscpentrywsi:
>>>>>>
ipaMaxDomainLevel;vucsn-5a4b93bc0002000b0000:
>>>>>> 1
>>>>>> nscpentrywsi:
>>>>>> creatorsName;vucsn-5a4b93bc0002000b0000:
>>>>>> cn=Directory Manager
>>>>>> nscpentrywsi:
>>>>>>
createTimestamp;vucsn-5a4b93bc0002000b0000:
>>>>>> 20180102141322Z
>>>>>> nscpentrywsi: nsUniqueId:
>>>>>> 118be292-efc711e7-be76b1c8-a90c608b
>>>>>> nscpentrywsi: parentid: 522
>>>>>> nscpentrywsi: entryid: 855
>>>>>> nscpentrywsi: numSubordinates: 9
>>>>>>
>>>>>> # oxygen.eggvfx.ie
>>>>>> <
http://oxygen.eggvfx.ie> +
>>>>>> 562f6f20-04de11e8-a003fb96-902b0a77,
>>>>>> masters, ipa, etc, eg
>>>>>> gvfx.ie <
http://gvfx.ie>
>>>>>> dn: cn=oxygen.eggvfx.ie
>>>>>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-902b0a7...
>>>>>> ers,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>>>> nscpentrywsi: dn: cn=oxygen.eggvfx.ie
>>>>>>
<
http://oxygen.eggvfx.ie>+nsuniqueid=562f6f20-04de11e8-a003fb96-90
>>>>>>
2b0a77,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>>>> nscpentrywsi:
>>>>>>
entryusn;adcsn-5a6ef6850000000d0003;vucsn-5a6ef6850000000d0003:
>>>>>> 9656
>>>>>> nscpentrywsi:
>>>>>>
modifyTimestamp;adcsn-5a6ef6850000000d0002;vucsn-5a6ef6850000000
>>>>>> d0002: 20180129102411Z
>>>>>> nscpentrywsi:
>>>>>>
modifiersName;adcsn-5a6ef6850000000d0001;vucsn-5a6ef6850000000d0
>>>>>> 001: cn=Directory Manager
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a6ef6390002000d0000:
top
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a6ef6390002000d0000:
>>>>>> nsContainer
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a6ef6390002000d0000:
>>>>>> ipaReplTopoManagedServer
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a6ef6390002000d0000:
>>>>>> ipaConfigObject
>>>>>> nscpentrywsi:
>>>>>> objectClass;vucsn-5a6ef6390002000d0000:
>>>>>> ipaSupportedDomainLevelC
>>>>>> onfig
>>>>>> nscpentrywsi:
>>>>>>
cn;vucsn-5a6ef6390002000d0000;mdcsn-5a6ef6390002000d0000:
>>>>>> oxygen
>>>>>> .eggvfx.ie <
http://eggvfx.ie>
>>>>>> nscpentrywsi:
>>>>>>
ipaReplTopoManagedSuffix;vucsn-5a6ef6390002000d0000:
>>>>>> dc=eggvfx,d
>>>>>> c=ie
>>>>>> nscpentrywsi:
>>>>>>
ipaReplTopoManagedSuffix;vucsn-5a6ef6850000000d0000:
>>>>>> o=ipaca
>>>>>> nscpentrywsi:
>>>>>>
ipaMinDomainLevel;vucsn-5a6ef6390002000d0000:
>>>>>> 0
>>>>>> nscpentrywsi:
>>>>>>
ipaMaxDomainLevel;vucsn-5a6ef6390002000d0000:
>>>>>> 1
>>>>>> nscpentrywsi:
>>>>>> creatorsName;vucsn-5a6ef6390002000d0000:
>>>>>> cn=Directory Manager
>>>>>> nscpentrywsi:
>>>>>>
createTimestamp;vucsn-5a6ef6390002000d0000:
>>>>>> 20180129102255Z
>>>>>> nscpentrywsi:
>>>>>> nsUniqueId;mdcsn-5a6ef6390002000d0000:
>>>>>> 562f6f20-04de11e8-a003fb9
>>>>>> 6-902b0a77
>>>>>> nscpentrywsi: parentid: 522
>>>>>> nscpentrywsi: entryid: 947
>>>>>> nscpentrywsi:
>>>>>>
nsds5ReplConflict;vucsn-5a6ef6390002000d0000:
>>>>>> namingConflict cn=
>>>>>> oxygen.eggvfx.ie
>>>>>>
<
http://oxygen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>>>> nscpentrywsi: numSubordinates: 9
>>>>>>
>>>>>> # search result
>>>>>> search: 2
>>>>>> result: 0 Success
>>>>>>
>>>>>> # numResponses: 4
>>>>>> # numEntries: 3
>>>>>>
>>>>>>
---------------------------------------------------------------------------------------------------------------------------
>>>>>> For the second command:
>>>>>>
---------------------------------------------------------------------------------------------------------------------------
>>>>>>
>>>>>> [root@lithium ~]# ldapsearch -D
>>>>>> "cn=directory manager" -W -b
>>>>>> "cn=oxygen.eggvfx.ie
>>>>>> <
http://oxygen.eggvfx.ie>
>>>>>>
<
http://oxygen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>> -s base 'objectclass=*'
nscpentrywsi
>>>>>> Enter LDAP Password:
>>>>>> # extended LDIF
>>>>>> #
>>>>>> # LDAPv3
>>>>>> # base <cn=oxygen.eggvfx.ie
>>>>>> <
http://oxygen.eggvfx.ie>
>>>>>>
<
http://oxygen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie>
>>>>>> with scope baseObject
>>>>>> # filter: objectclass=*
>>>>>> # requesting: nscpentrywsi
>>>>>> #
>>>>>>
>>>>>> # search result
>>>>>> search: 2
>>>>>> result: 32 No such object
>>>>>> matchedDN:
>>>>>> cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie
>>>>>>
>>>>>> # numResponses: 1
>>>>>>
>>>>>>
---------------------------------------------------------------------------------------------------------------------------
>>>>>> Hope some of that makes sense, thanks
for
>>>>>> the quick response by the way!
>>>>>>
>>>>>> Many Thanks,
>>>>>> Jamal
>>>>>>
>>>>>>
>>>>>> <
http://www.egg.ie/>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Jamal Mahmoud* / Pipeline TD
>>>>>> jamal.mahmoud(a)egg.ie
>>>>>> <mailto:jamal.mahmoud@egg.ie>
>>>>>>
>>>>>> 35 Fitzwilliam Street Upper, Dublin
>>>>>>
<
https://maps.google.com/?q=35+Fitzwilliam%0D+Street+Upper,+Dublin&ent...
>>>>>> P: +353 1 6345440
<tel:+353%201%20634%205440>
>>>>>>
>>>>>> Twitter
>>>>>>
<
https://twitter.com/EggPost> Facebook
>>>>>>
<
https://www.facebook.com/egg.post/> LinkedIn
>>>>>>
<
http://www.linkedin.com/in/jamalmahmoud> Vimeo
>>>>>> <
https://vimeo.com/user9887735>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 14 February 2018 at 11:17, thierry
>>>>>> bordaz <tbordaz(a)redhat.com
>>>>>> <mailto:tbordaz@redhat.com>>
wrote:
>>>>>>
>>>>>> Hi Jamal,
>>>>>>
>>>>>> Regarding the 'unwilling to
perform'
>>>>>> I think it may topology plugin that
>>>>>> prevents you to isolate a host.
Would
>>>>>> the del isolate a host ?
>>>>>>
>>>>>> Regarding the 'server not
found'. My
>>>>>> understanding is that the problems
>>>>>> weird things come from
>>>>>>
>>>>>> [13/Feb/2018:09:14:47.828827335
>>>>>> +0000] conn=192208 op=3 SRCH
>>>>>>
base="cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>> scope=1
filter="(objectClass=top)"
>>>>>> attrs="ipaMaxDomainLevel cn
>>>>>> ipaMinDomainLevel
>>>>>> ipaReplTopoManagedSuffix ipaLocation
>>>>>> ipaServiceWeight"
>>>>>> [13/Feb/2018:09:14:47.829400972
>>>>>> +0000] conn=192208 op=3 RESULT err=0
>>>>>> tag=101 nentries=3 etime=0
>>>>>>
>>>>>> [13/Feb/2018:09:14:47.845769945
>>>>>> +0000] conn=192208 op=5 SRCH
>>>>>> base="cn=nitrogen.eggvfx.ie
>>>>>> <
http://nitrogen.eggvfx.ie>
>>>>>> <
http://nitrogen.eggvfx.ie>
>>>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>> scope=0
filter="(objectClass=*)" attrs=""
>>>>>> [13/Feb/2018:09:14:47.845875163
>>>>>> +0000] conn=192208 op=5 RESULT err=0
>>>>>> tag=101 nentries=1 etime=0
>>>>>>
>>>>>> [13/Feb/2018:09:14:47.855353962
>>>>>> +0000] conn=192208 op=13 SRCH
>>>>>> base="cn=lithium.eggvfx.ie
>>>>>> <
http://lithium.eggvfx.ie>
>>>>>> <
http://lithium.eggvfx.ie>
>>>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>> scope=0
filter="(objectClass=*)" attrs=""
>>>>>> [13/Feb/2018:09:14:47.855449266
>>>>>> +0000] conn=192208 op=13 RESULT
err=0
>>>>>> tag=101 nentries=1 etime=0
>>>>>>
>>>>>> [13/Feb/2018:09:14:47.864790724
>>>>>> +0000] conn=192208 op=21 SRCH
>>>>>> base="cn=oxygen.eggvfx.ie
>>>>>> <
http://oxygen.eggvfx.ie>
>>>>>> <
http://oxygen.eggvfx.ie>
>>>>>>
<
http://oxygen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>> scope=0
filter="(objectClass=*)" attrs=""
>>>>>> [13/Feb/2018:09:14:47.864996898
>>>>>> +0000] conn=192208 op=21 RESULT
>>>>>> err=32 tag=101 nentries=0 etime=0
>>>>>>
>>>>>>
>>>>>> Could you provide (directly) the
>>>>>> result of the following commands
>>>>>>
>>>>>> ldapsearch -D "cn=directory
>>>>>> manager" -W -b
>>>>>>
""cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>> -s one 'objectclass=*'
nscpentrywsi
>>>>>>
>>>>>>
>>>>>> ldapsearch -D "cn=directory
>>>>>> manager" -W -b
>>>>>> ""cn=oxygen.eggvfx.ie
>>>>>> <
http://oxygen.eggvfx.ie>
>>>>>> <
http://oxygen.eggvfx.ie>
>>>>>>
<
http://oxygen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>> -s base 'objectclass=*'
nscpentrywsi
>>>>>>
>>>>>> Best regards
>>>>>> thierry
>>>>>> On 02/14/2018 10:52 AM, Jamal
Mahmoud
>>>>>> wrote:
>>>>>>> Thank you Rob!
>>>>>>> I can confirm that when i try to
>>>>>>> even view the server from the UI
the
>>>>>>> same error message appears
(server
>>>>>>> not found) in a dialog box, so
>>>>>>> wherever the UI is querying from,
it
>>>>>>> originates from the same place.
I
>>>>>>> would also like to mention that
>>>>>>> while i was trying to remove the
>>>>>>> topology segments from oxygen to
>>>>>>> nitrogen there is another error
that
>>>>>>> appears. I don't know how to
remove
>>>>>>> a segment in the CLI (i tried
and
>>>>>>> couldn't figure it out) but
the
>>>>>>> output from the web UI is
attached
>>>>>>> below. I believe this is normal
>>>>>>> behaviour if the server were
active.
>>>>>>>
>>>>>>> IPA Error 4203: DatabaseError
>>>>>>> Server is unwilling to perform:
>>>>>>> Removal of Segment disconnects
>>>>>>> topology.Deletion not allowed.
>>>>>>>
>>>>>>> I've attached images
explaining what
>>>>>>> i mean.
>>>>>>> Inline images 1Inline images
2Inline
>>>>>>> images 3Inline images 4
>>>>>>> I hope this helps you and
Thierry!
>>>>>>>
>>>>>>> Many Thanks,
>>>>>>> Jamal
>>>>>>>
>>>>>>> <
http://www.egg.ie/>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *Jamal Mahmoud* / Pipeline TD
>>>>>>> jamal.mahmoud(a)egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>
>>>>>>>
>>>>>>> 35 Fitzwilliam Street Upper,
Dublin
>>>>>>>
<
https://maps.google.com/?q=35%0D+Fitzwilliam+Street+Upper,%0D+Dublin&...
>>>>>>> P: +353 1 6345440
>>>>>>>
<tel:+353%201%20634%205440>
>>>>>>>
>>>>>>> Twitter
>>>>>>>
<
https://twitter.com/EggPost> Facebook
>>>>>>>
<
https://www.facebook.com/egg.post/> LinkedIn
>>>>>>>
<
http://www.linkedin.com/in/jamalmahmoud> Vimeo
>>>>>>>
<
https://vimeo.com/user9887735>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 13 February 2018 at 21:14,
Rob
>>>>>>> Crittenden
<rcritten(a)redhat.com
>>>>>>>
<mailto:rcritten@redhat.com>> wrote:
>>>>>>>
>>>>>>> Jamal Mahmoud via
FreeIPA-users
>>>>>>> wrote:
>>>>>>> > Hi Rob,
>>>>>>> >
>>>>>>> > I've isolated the
output on
>>>>>>> lithium when i ran
>>>>>>> > ipa-replica-manage del
>>>>>>> oxygen.eggvfx.ie
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>> > --force --cleanup
>>>>>>> > It's quite heavy
still but
>>>>>>> here it is
>>>>>>>
>>>>>>> This is helpful. It shows
that
>>>>>>> oxygen is being looked for
in
>>>>>>> the IPA
>>>>>>> masters location, cn=masters
and
>>>>>>> is returning err=32, not
found.
>>>>>>>
>>>>>>> What I don't know is why
or
>>>>>>> where this query is coming
from.
>>>>>>>
>>>>>>> There are several queries
that
>>>>>>> look like they might
originate
>>>>>>> in the
>>>>>>> 389-ds topology plugin but I
>>>>>>> couldn't find where and
I'm not
>>>>>>> familiar
>>>>>>> with it in general. Queries
like:
>>>>>>>
>>>>>>> SRCH
>>>>>>>
base="cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> scope=1
>>>>>>>
filter="(objectClass=top)"
>>>>>>> attrs="ipaMaxDomainLevel
cn
>>>>>>> ipaMinDomainLevel
>>>>>>> ipaReplTopoManagedSuffix
>>>>>>> ipaLocation
ipaServiceWeight"
>>>>>>>
>>>>>>> I'm not entirely sure
when you
>>>>>>> invoke ipa-replica-manage if
it is
>>>>>>> calling the topology plugin
>>>>>>> under the hood or not. It
almost
>>>>>>> certainly
>>>>>>> is when you use the UI.
>>>>>>>
>>>>>>> I'm cc'ing someone
who knows
>>>>>>> this better.
>>>>>>>
>>>>>>> rob
>>>>>>>
>>>>>>> >
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:45.823204160
>>>>>>> +0000] conn=192207 fd=155
>>>>>>> slot=155 SSL
>>>>>>> > connection from
192.168.94.4
>>>>>>> to 192.168.94.4
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.027998523
>>>>>>> +0000] conn=192207 TLS1.2
>>>>>>> 256-bit AES-GCM
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.031226897
>>>>>>> +0000] conn=45 op=31409 SRCH
>>>>>>> >
base="dc=eggvfx,dc=ie" scope=2
>>>>>>> >
>>>>>>>
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/EGGVFX.IE(a)EGGVFX.IE
>>>>>>>
<mailto:EGGVFX.IE@EGGVFX.IE>
>>>>>>> >
<mailto:EGGVFX.IE@EGGVFX.IE
>>>>>>>
<mailto:EGGVFX.IE@EGGVFX.IE>>)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/EGGVFX.IE@EGGVFX.IE
>>>>>>>
<mailto:EGGVFX.IE@EGGVFX.IE>
>>>>>>> >
<mailto:EGGVFX.IE@EGGVFX.IE
>>>>>>>
<mailto:EGGVFX.IE@EGGVFX.IE>>)))" attrs="krbPrincipalName
>>>>>>> > krbCanonicalName
krbUPEnabled
>>>>>>> krbPrincipalKey
>>>>>>> krbTicketPolicyReference
>>>>>>> > krbPrincipalExpiration
>>>>>>> krbPasswordExpiration
>>>>>>> krbPwdPolicyReference
>>>>>>> > krbPrincipalType
krbPwdHistory
>>>>>>> krbLastPwdChange
krbPrincipalAliases
>>>>>>> > krbLastSuccessfulAuth
>>>>>>> krbLastFailedAuth
>>>>>>> krbLoginFailedCount
>>>>>>> > krbPrincipalAuthInd
>>>>>>> krbExtraData
krbLastAdminUnlock
>>>>>>> krbObjectReferences
>>>>>>> > krbTicketFlags
>>>>>>> krbMaxTicketLife
>>>>>>> krbMaxRenewableAge
nsAccountLock
>>>>>>> > passwordHistory
>>>>>>> ipaKrbAuthzData
ipaUserAuthType
>>>>>>> ipatokenRadiusConfigLink
>>>>>>> > objectClass"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.031713683
>>>>>>> +0000] conn=45 op=31409
RESULT err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.032193288
>>>>>>> +0000] conn=45 op=31410 SRCH
>>>>>>> >
base="dc=eggvfx,dc=ie" scope=2
>>>>>>> >
>>>>>>>
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/lithium.eggvfx.ie(a)EGGVFX.IE
>>>>>>>
<mailto:lithium.eggvfx.ie@EGGVFX.IE>
>>>>>>> >
>>>>>>>
<mailto:lithium.eggvfx.ie@EGGVFX.IE
>>>>>>>
<mailto:lithium.eggvfx.ie@EGGVFX.IE>>)(krbPrincipalName:caseIgnoreIA5Match:=ldap/lithium.eggvfx.ie@EGGVFX.IE
>>>>>>>
<mailto:lithium.eggvfx.ie@EGGVFX.IE>
>>>>>>> >
>>>>>>>
<mailto:lithium.eggvfx.ie@EGGVFX.IE
>>>>>>>
<mailto:lithium.eggvfx.ie@EGGVFX.IE>>)))"
>>>>>>> attrs="krbPrincipalName
>>>>>>> > krbCanonicalName
krbUPEnabled
>>>>>>> krbPrincipalKey
>>>>>>> krbTicketPolicyReference
>>>>>>> > krbPrincipalExpiration
>>>>>>> krbPasswordExpiration
>>>>>>> krbPwdPolicyReference
>>>>>>> > krbPrincipalType
krbPwdHistory
>>>>>>> krbLastPwdChange
krbPrincipalAliases
>>>>>>> > krbLastSuccessfulAuth
>>>>>>> krbLastFailedAuth
>>>>>>> krbLoginFailedCount
>>>>>>> > krbPrincipalAuthInd
>>>>>>> krbExtraData
krbLastAdminUnlock
>>>>>>> krbObjectReferences
>>>>>>> > krbTicketFlags
>>>>>>> krbMaxTicketLife
>>>>>>> krbMaxRenewableAge
nsAccountLock
>>>>>>> > passwordHistory
>>>>>>> ipaKrbAuthzData
ipaUserAuthType
>>>>>>> ipatokenRadiusConfigLink
>>>>>>> > objectClass"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.032529772
>>>>>>> +0000] conn=45 op=31410
RESULT err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.032696842
>>>>>>> +0000] conn=45 op=31411 SRCH
>>>>>>> > base="cn=EGGVFX.IE
>>>>>>> <
http://EGGVFX.IE>
>>>>>>>
<
http://EGGVFX.IE>,cn=kerberos,dc=eggvfx,dc=ie"
>>>>>>> > scope=0
>>>>>>>
filter="(objectClass=krbticketpolicyaux)"
>>>>>>> >
attrs="krbMaxTicketLife
>>>>>>> krbMaxRenewableAge
krbTicketFlags"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.032904807
>>>>>>> +0000] conn=45 op=31411
RESULT err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.033085928
>>>>>>> +0000] conn=45 op=31412 SRCH
>>>>>>> >
base="dc=eggvfx,dc=ie" scope=2
>>>>>>> >
>>>>>>>
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=admin(a)EGGVFX.IE
>>>>>>>
<mailto:admin@EGGVFX.IE>
>>>>>>> >
<mailto:admin@EGGVFX.IE
>>>>>>>
<mailto:admin@EGGVFX.IE>>))"
>>>>>>> attrs="krbPrincipalName
>>>>>>> krbCanonicalName
>>>>>>> > krbUPEnabled
krbPrincipalKey
>>>>>>> krbTicketPolicyReference
>>>>>>> > krbPrincipalExpiration
>>>>>>> krbPasswordExpiration
>>>>>>> krbPwdPolicyReference
>>>>>>> > krbPrincipalType
krbPwdHistory
>>>>>>> krbLastPwdChange
krbPrincipalAliases
>>>>>>> > krbLastSuccessfulAuth
>>>>>>> krbLastFailedAuth
>>>>>>> krbLoginFailedCount
>>>>>>> > krbPrincipalAuthInd
>>>>>>> krbExtraData
krbLastAdminUnlock
>>>>>>> krbObjectReferences
>>>>>>> > krbTicketFlags
>>>>>>> krbMaxTicketLife
>>>>>>> krbMaxRenewableAge
nsAccountLock
>>>>>>> > passwordHistory
>>>>>>> ipaKrbAuthzData
ipaUserAuthType
>>>>>>> ipatokenRadiusConfigLink
>>>>>>> > objectClass"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.033377257
>>>>>>> +0000] conn=45 op=31412
RESULT err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.033555617
>>>>>>> +0000] conn=45 op=31413 SRCH
>>>>>>> > base="cn=EGGVFX.IE
>>>>>>> <
http://EGGVFX.IE>
>>>>>>>
<
http://EGGVFX.IE>,cn=kerberos,dc=eggvfx,dc=ie"
>>>>>>> > scope=0
>>>>>>>
filter="(objectClass=krbticketpolicyaux)"
>>>>>>> >
attrs="krbMaxTicketLife
>>>>>>> krbMaxRenewableAge
krbTicketFlags"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.033714662
>>>>>>> +0000] conn=45 op=31413
RESULT err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.034731567
>>>>>>> +0000] conn=192207 op=0 BIND
dn=""
>>>>>>> > method=sasl version=3
mech=GSSAPI
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.776688499
>>>>>>> +0000] conn=192207 op=0
RESULT
>>>>>>> err=14
>>>>>>> > tag=97 nentries=0
etime=1,
>>>>>>> SASL bind in progress
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.777340050
>>>>>>> +0000] conn=192207 op=1 BIND
dn=""
>>>>>>> > method=sasl version=3
mech=GSSAPI
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.779800986
>>>>>>> +0000] conn=192207 op=1
RESULT
>>>>>>> err=14
>>>>>>> > tag=97 nentries=0
etime=0,
>>>>>>> SASL bind in progress
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.780131803
>>>>>>> +0000] conn=192207 op=2 BIND
dn=""
>>>>>>> > method=sasl version=3
mech=GSSAPI
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.781745436
>>>>>>> +0000] conn=192207 op=2
RESULT err=0
>>>>>>> > tag=97 nentries=0
etime=0
>>>>>>> >
>>>>>>>
dn="uid=admin,cn=users,cn=accounts,dc=eggvfx,dc=ie"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.782496366
>>>>>>> +0000] conn=192207 op=3 SRCH
>>>>>>> > base="cn=mapping
>>>>>>> tree,cn=config" scope=2
>>>>>>> >
>>>>>>>
filter="(|(&(objectClass=nsds5ReplicationAgreement)(nsDS5ReplicaRoot=dc=eggvfx,dc=ie))(objectClass=nsDSWindowsReplicationAgreement))"
>>>>>>> > attrs=ALL
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.784970100
>>>>>>> +0000] conn=192207 op=3
RESULT err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.786072700
>>>>>>> +0000] conn=192207 op=4 SRCH
>>>>>>> >
base="cn=schema" scope=0
>>>>>>>
filter="(objectClass=*)"
>>>>>>> attrs="attributeTypes
>>>>>>> > objectClasses"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:46.992758156
>>>>>>> +0000] conn=192207 op=4
RESULT err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.274654147
>>>>>>> +0000] conn=192208 fd=156
slot=156
>>>>>>> > connection from local
to
>>>>>>>
/var/run/slapd-EGGVFX-IE.socket
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.275257858
>>>>>>> +0000] conn=192208 AUTOBIND
>>>>>>> > dn="cn=Directory
Manager"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.275266840
>>>>>>> +0000] conn=192208 op=0 BIND
>>>>>>> > dn="cn=Directory
Manager"
>>>>>>> method=sasl version=3
mech=EXTERNAL
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.275307838
>>>>>>> +0000] conn=192208 op=0
RESULT err=0
>>>>>>> > tag=97 nentries=0
etime=0
>>>>>>> dn="cn=Directory
Manager"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.286719997
>>>>>>> +0000] conn=192208 op=1 SRCH
>>>>>>> > base="cn=Domain
>>>>>>>
Level,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> scope=0
>>>>>>> >
filter="(objectClass=*)"
>>>>>>>
attrs="ipaDomainLevel"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.286848507
>>>>>>> +0000] conn=192208 op=1
RESULT err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.287228472
>>>>>>> +0000] conn=192208 op=2 SRCH
>>>>>>> >
base="cn=schema" scope=0
>>>>>>>
filter="(objectClass=*)"
>>>>>>> attrs="attributeTypes
>>>>>>> > objectClasses"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.464093684
>>>>>>> +0000] conn=192208 op=2
RESULT err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.828827335
>>>>>>> +0000] conn=192208 op=3 SRCH
>>>>>>> >
>>>>>>>
base="cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> scope=1
>>>>>>> >
filter="(objectClass=top)"
>>>>>>> attrs="ipaMaxDomainLevel
cn
>>>>>>> ipaMinDomainLevel
>>>>>>> >
ipaReplTopoManagedSuffix
>>>>>>> ipaLocation
ipaServiceWeight"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.829400972
>>>>>>> +0000] conn=192208 op=3
RESULT err=0
>>>>>>> > tag=101 nentries=3
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.834510410
>>>>>>> +0000] conn=192208 op=4 SRCH
>>>>>>> >
>>>>>>>
base="cn=topology,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> scope=1
>>>>>>> >
>>>>>>>
filter="(objectClass=iparepltopoconf)"
>>>>>>> attrs="* cn
ipaReplTopoConfRoot aci"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.834813555
>>>>>>> +0000] conn=192208 op=4
RESULT err=0
>>>>>>> > tag=101 nentries=2
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.845769945
>>>>>>> +0000] conn=192208 op=5 SRCH
>>>>>>> >
base="cn=nitrogen.eggvfx.ie
>>>>>>>
<
http://nitrogen.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=0
>>>>>>>
filter="(objectClass=*)" attrs=""
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.845875163
>>>>>>> +0000] conn=192208 op=5
RESULT err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.846499455
>>>>>>> +0000] conn=192208 op=6 SRCH
>>>>>>> >
base="cn=nitrogen.eggvfx.ie
>>>>>>>
<
http://nitrogen.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=2
filter="(cn=CA)"
>>>>>>> attrs="ipaConfigString
cn"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.846716314
>>>>>>> +0000] conn=192208 op=6
RESULT err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.847775298
>>>>>>> +0000] conn=192208 op=7 SRCH
>>>>>>> >
base="cn=nitrogen.eggvfx.ie
>>>>>>>
<
http://nitrogen.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=2
>>>>>>>
filter="(|(cn=HTTP)(cn=KDC)(cn=KPASSWD))"
>>>>>>> attrs="ipaConfigString
cn"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.848157025
>>>>>>> +0000] conn=192208 op=7
RESULT err=0
>>>>>>> > tag=101 nentries=3
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.850013297
>>>>>>> +0000] conn=192208 op=8 SRCH
>>>>>>> >
base="cn=nitrogen.eggvfx.ie
>>>>>>>
<
http://nitrogen.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=2
>>>>>>>
filter="(|(cn=DNS)(cn=DNSKeySync))"
>>>>>>> attrs="ipaConfigString
cn"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.850305924
>>>>>>> +0000] conn=192208 op=8
RESULT err=0
>>>>>>> > tag=101 nentries=2
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.851655036
>>>>>>> +0000] conn=192208 op=9 SRCH
>>>>>>> >
base="cn=nitrogen.eggvfx.ie
>>>>>>>
<
http://nitrogen.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=2
filter="(cn=NTP)"
>>>>>>> attrs="ipaConfigString
cn"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.851833457
>>>>>>> +0000] conn=192208 op=9
RESULT err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.852812885
>>>>>>> +0000] conn=192208 op=10
SRCH
>>>>>>> >
>>>>>>>
base="cn=computers,cn=accounts,dc=eggvfx,dc=ie"
>>>>>>> scope=2
>>>>>>> >
filter="(&(memberOf=cn=adtrust
>>>>>>> >
>>>>>>>
agents,cn=sysaccounts,cn=etc,dc=eggvfx,dc=ie)(fqdn=nitrogen.eggvfx.ie
>>>>>>>
<
http://nitrogen.eggvfx.ie>
>>>>>>> >
<
http://nitrogen.eggvfx.ie>))"
>>>>>>> attrs="* aci"
>>>>>>> >
[13/Feb/2018:09:14:47.853031311
>>>>>>> +0000] conn=192208 op=10
RESULT
>>>>>>> err=0
>>>>>>> > tag=101 nentries=0
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.853536363
>>>>>>> +0000] conn=192208 op=11
SRCH
>>>>>>> >
base="cn=nitrogen.eggvfx.ie
>>>>>>>
<
http://nitrogen.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=2
filter="(cn=KRA)"
>>>>>>> attrs="ipaConfigString
cn"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.853649454
>>>>>>> +0000] conn=192208 op=11
RESULT
>>>>>>> err=0
>>>>>>> > tag=101 nentries=0
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.854114915
>>>>>>> +0000] conn=192208 op=12
SRCH
>>>>>>> >
base="cn=nitrogen.eggvfx.ie
>>>>>>>
<
http://nitrogen.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://nitrogen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=2
filter="(cn=ADTRUST)"
>>>>>>> attrs="ipaConfigString
cn"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.854224953
>>>>>>> +0000] conn=192208 op=12
RESULT
>>>>>>> err=0
>>>>>>> > tag=101 nentries=0
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.855353962
>>>>>>> +0000] conn=192208 op=13
SRCH
>>>>>>> >
base="cn=lithium.eggvfx.ie
>>>>>>>
<
http://lithium.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=0
>>>>>>>
filter="(objectClass=*)" attrs=""
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.855449266
>>>>>>> +0000] conn=192208 op=13
RESULT
>>>>>>> err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.855936058
>>>>>>> +0000] conn=192208 op=14
SRCH
>>>>>>> >
base="cn=lithium.eggvfx.ie
>>>>>>>
<
http://lithium.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=2
filter="(cn=CA)"
>>>>>>> attrs="ipaConfigString
cn"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.856125343
>>>>>>> +0000] conn=192208 op=14
RESULT
>>>>>>> err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.857152859
>>>>>>> +0000] conn=192208 op=15
SRCH
>>>>>>> >
base="cn=lithium.eggvfx.ie
>>>>>>>
<
http://lithium.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=2
>>>>>>>
filter="(|(cn=HTTP)(cn=KDC)(cn=KPASSWD))"
>>>>>>> attrs="ipaConfigString
cn"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.857517597
>>>>>>> +0000] conn=192208 op=15
RESULT
>>>>>>> err=0
>>>>>>> > tag=101 nentries=3
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.859268273
>>>>>>> +0000] conn=192208 op=16
SRCH
>>>>>>> >
base="cn=lithium.eggvfx.ie
>>>>>>>
<
http://lithium.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=2
>>>>>>>
filter="(|(cn=DNS)(cn=DNSKeySync))"
>>>>>>> attrs="ipaConfigString
cn"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.859490110
>>>>>>> +0000] conn=192208 op=16
RESULT
>>>>>>> err=0
>>>>>>> > tag=101 nentries=2
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.860775424
>>>>>>> +0000] conn=192208 op=17
SRCH
>>>>>>> >
base="cn=lithium.eggvfx.ie
>>>>>>>
<
http://lithium.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=2
filter="(cn=NTP)"
>>>>>>> attrs="ipaConfigString
cn"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.860938889
>>>>>>> +0000] conn=192208 op=17
RESULT
>>>>>>> err=0
>>>>>>> > tag=101 nentries=1
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.861949875
>>>>>>> +0000] conn=192208 op=18
SRCH
>>>>>>> >
>>>>>>>
base="cn=computers,cn=accounts,dc=eggvfx,dc=ie"
>>>>>>> scope=2
>>>>>>> >
filter="(&(memberOf=cn=adtrust
>>>>>>> >
>>>>>>>
agents,cn=sysaccounts,cn=etc,dc=eggvfx,dc=ie)(fqdn=lithium.eggvfx.ie
>>>>>>>
<
http://lithium.eggvfx.ie>
>>>>>>> >
<
http://lithium.eggvfx.ie>))"
>>>>>>> attrs="* aci"
>>>>>>> >
[13/Feb/2018:09:14:47.862121230
>>>>>>> +0000] conn=192208 op=18
RESULT
>>>>>>> err=0
>>>>>>> > tag=101 nentries=0
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.862930080
>>>>>>> +0000] conn=192208 op=19
SRCH
>>>>>>> >
base="cn=lithium.eggvfx.ie
>>>>>>>
<
http://lithium.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=2
filter="(cn=KRA)"
>>>>>>> attrs="ipaConfigString
cn"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.863048094
>>>>>>> +0000] conn=192208 op=19
RESULT
>>>>>>> err=0
>>>>>>> > tag=101 nentries=0
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.863563059
>>>>>>> +0000] conn=192208 op=20
SRCH
>>>>>>> >
base="cn=lithium.eggvfx.ie
>>>>>>>
<
http://lithium.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://lithium.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=2
filter="(cn=ADTRUST)"
>>>>>>> attrs="ipaConfigString
cn"
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.863674190
>>>>>>> +0000] conn=192208 op=20
RESULT
>>>>>>> err=0
>>>>>>> > tag=101 nentries=0
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.864790724
>>>>>>> +0000] conn=192208 op=21
SRCH
>>>>>>> >
base="cn=oxygen.eggvfx.ie
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>> >
>>>>>>>
<
http://oxygen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie"
>>>>>>> > scope=0
>>>>>>>
filter="(objectClass=*)" attrs=""
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.864996898
>>>>>>> +0000] conn=192208 op=21
RESULT
>>>>>>> err=32
>>>>>>> > tag=101 nentries=0
etime=0
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.918001361
>>>>>>> +0000] conn=192207 op=5
UNBIND
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.918035786
>>>>>>> +0000] conn=192207 op=5
fd=155
>>>>>>> closed - U1
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.922593141
>>>>>>> +0000] conn=192208 op=22
UNBIND
>>>>>>> >
>>>>>>>
[13/Feb/2018:09:14:47.922617042
>>>>>>> +0000] conn=192208 op=22
fd=156
>>>>>>> closed - U1
>>>>>>> >
>>>>>>> > For verbosity's sake
i haven't
>>>>>>> done this on nitrogen also,
>>>>>>> unless it is
>>>>>>> > required, if so let me
know!
>>>>>>> I've also attached an
image of
>>>>>>> the output
>>>>>>> > from the command itself
to
>>>>>>> show you the seemingly
useless
>>>>>>> error message.
>>>>>>> > Thanks again,
>>>>>>> > Jamal Mahmoud
>>>>>>> >
>>>>>>> >
<
http://www.egg.ie/>
>>>>>>> >
>>>>>>> >
>>>>>>> >
>>>>>>> > *Jamal Mahmoud* /
Pipeline TD
>>>>>>> > jamal.mahmoud(a)egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>
>>>>>>>
<mailto:jamal.mahmoud@egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>>
>>>>>>> >
>>>>>>> > 35 Fitzwilliam Street
Upper,
>>>>>>> Dublin
>>>>>>>
<
https://maps.google.com/?q=35+Fitzwilliam+Street+Upper,+Dublin&entry=...
>>>>>>> > P: +353 1 6345440
>>>>>>>
<tel:%2B353%201%206345440>
>>>>>>> >
>>>>>>> > Twitter
>>>>>>>
<
https://twitter.com/EggPost> Facebook
>>>>>>> >
>>>>>>>
<
https://www.facebook.com/egg.post/
>>>>>>>
<
https://www.facebook.com/egg.post/>> LinkedIn
>>>>>>> >
>>>>>>>
<
http://www.linkedin.com/in/jamalmahmoud
>>>>>>>
<
http://www.linkedin.com/in/jamalmahmoud>> Vimeo
>>>>>>> >
<
https://vimeo.com/user9887735>
>>>>>>> >
>>>>>>> >
>>>>>>> > On 12 February 2018 at
20:27,
>>>>>>> Rob Crittenden
>>>>>>> <rcritten(a)redhat.com
>>>>>>>
<mailto:rcritten@redhat.com>
>>>>>>> >
<mailto:rcritten@redhat.com
>>>>>>>
<mailto:rcritten@redhat.com>>>
>>>>>>> wrote:
>>>>>>> >
>>>>>>> > Jamal Mahmoud
wrote:
>>>>>>> > > Sure thing,
>>>>>>> > > Output
on* lithium*:
>>>>>>> > >
>>>>>>> > > [root@lithium
~]#
>>>>>>> ipa-replica-manage del
>>>>>>> oxygen.eggvfx.ie
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>> > >
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>> --force --cleanup
>>>>>>> > >
oxygen.eggvfx.ie
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>> >
<http://oxygen.eggvfx.ie>:
>>>>>>> server not found
>>>>>>> >
>>>>>>> > What is baffling me
the
>>>>>>> most is that the string
'server
>>>>>>> not found' is
>>>>>>> > not to be found in
the IPA
>>>>>>> source. I can't tell
where that
>>>>>>> is being
>>>>>>> > generated.
>>>>>>> >
>>>>>>> > Can you provide a
snippet
>>>>>>> of the 389-ds access log
when
>>>>>>> you request the
>>>>>>> > deletion? That is
in
>>>>>>>
/var/log/dirsrv/slapd-REALM/access
>>>>>>> >
>>>>>>> > Note that the log is
write
>>>>>>> buffered so the content may
not
>>>>>>> appear
>>>>>>> > immediately.
>>>>>>> >
>>>>>>> > Seeing the queries
being
>>>>>>> made and what the
>>>>>>> responses/errors are might
>>>>>>> > give me some ideas.
>>>>>>> >
>>>>>>> > rob
>>>>>>> >
>>>>>>> > >
>>>>>>> > >
>>>>>>> > > [root@lithium
~]# ipa
>>>>>>> domainlevel-get
>>>>>>> > >
-----------------------
>>>>>>> > > Current domain
level: 1
>>>>>>> > >
-----------------------
>>>>>>> > >
>>>>>>> > >
>>>>>>> > > Output on
*nitrogen*:
>>>>>>> > >
>>>>>>> > > [root@nitrogen
~]#
>>>>>>> ipa-replica-manage del
>>>>>>> oxygen.eggvfx.ie
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>> > >
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>> --force --cleanup
>>>>>>> > >
oxygen.eggvfx.ie
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>> >
<http://oxygen.eggvfx.ie>:
>>>>>>> server not found
>>>>>>> > >
>>>>>>> > >
>>>>>>> > > [root@nitrogen
~]# ipa
>>>>>>> domainlevel-get
>>>>>>> > >
-----------------------
>>>>>>> > > Current domain
level: 1
>>>>>>> > >
-----------------------
>>>>>>> > >
>>>>>>> > > I hope this
helps,
>>>>>>> > >
>>>>>>> > > Jamal
>>>>>>> > >
>>>>>>> > >
<
http://www.egg.ie/>
>>>>>>> > >
>>>>>>> > >
>>>>>>> > >
>>>>>>> > > *Jamal Mahmoud*
/
>>>>>>> Pipeline TD
>>>>>>> > >
jamal.mahmoud(a)egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>
>>>>>>>
<mailto:jamal.mahmoud@egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>>
>>>>>>> >
<mailto:jamal.mahmoud@egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>
>>>>>>>
<mailto:jamal.mahmoud@egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>>>
>>>>>>> > >
>>>>>>> > > 35 Fitzwilliam
Street
>>>>>>> Upper, Dublin
>>>>>>>
<
https://maps.google.com/?q=35+Fitzwilliam+Street+Upper,+Dublin&entry=...
>>>>>>> > > P: +353 1
6345440
>>>>>>>
<tel:%2B353%201%206345440>
>>>>>>>
<tel:%2B353%201%206345440>
>>>>>>> > >
>>>>>>> > > Twitter
>>>>>>>
<
https://twitter.com/EggPost> Facebook
>>>>>>> > >
>>>>>>>
<
https://www.facebook.com/egg.post/
>>>>>>>
<
https://www.facebook.com/egg.post/>
>>>>>>> >
>>>>>>>
<https://www.facebook.com/egg.post/
>>>>>>>
<
https://www.facebook.com/egg.post/>>> LinkedIn
>>>>>>> > >
>>>>>>>
<
http://www.linkedin.com/in/jamalmahmoud
>>>>>>>
<
http://www.linkedin.com/in/jamalmahmoud>
>>>>>>> >
>>>>>>>
<http://www.linkedin.com/in/jamalmahmoud
>>>>>>>
<
http://www.linkedin.com/in/jamalmahmoud>>> Vimeo
>>>>>>> > >
>>>>>>>
<
https://vimeo.com/user9887735>
>>>>>>> > >
>>>>>>> > >
>>>>>>> > > On 7 February
2018 at
>>>>>>> 20:34, Rob Crittenden
>>>>>>> <rcritten(a)redhat.com
>>>>>>>
<mailto:rcritten@redhat.com>
>>>>>>>
<mailto:rcritten@redhat.com
>>>>>>>
<mailto:rcritten@redhat.com>>
>>>>>>> > >
>>>>>>>
<mailto:rcritten@redhat.com
>>>>>>>
<mailto:rcritten@redhat.com>
>>>>>>>
<mailto:rcritten@redhat.com
>>>>>>>
<mailto:rcritten@redhat.com>>>>
>>>>>>> wrote:
>>>>>>> > >
>>>>>>> > > Jamal
Mahmoud via
>>>>>>> FreeIPA-users wrote:
>>>>>>> > > > Hi
Rob,
>>>>>>> > > >
>>>>>>> > > > Just
wondering if
>>>>>>> you had time to look at this
>>>>>>> issue for me? Still stuck
>>>>>>> > > > in a
state of
>>>>>>> limbo with this IDM and i
have
>>>>>>> run out of options. Any
>>>>>>> > > > help
in resolving
>>>>>>> this issue would be
appreciated.
>>>>>>> > >
>>>>>>> > > A few more
questions.
>>>>>>> > >
>>>>>>> > > What is the
output
>>>>>>> of: ipa domainlevel-get
>>>>>>> > >
>>>>>>> > > Can you
show the
>>>>>>> full output of
>>>>>>> ipa-replica-manage del
oxygen...
>>>>>>> --force
>>>>>>> > > --cleanup
>>>>>>> > >
>>>>>>> > > And on what
master
>>>>>>> are you running that?
>>>>>>> > >
>>>>>>> > > rob
>>>>>>> > >
>>>>>>> > > >
>>>>>>> > > > Many
Thanks,
>>>>>>> > > > Jamal
>>>>>>> > > >
>>>>>>> > > >
>>>>>>> > > > On 1
February 2018
>>>>>>> at 17:04, Jamal Mahmoud
>>>>>>> <jamal.mahmoud(a)egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>
>>>>>>>
<mailto:jamal.mahmoud@egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>>
>>>>>>> >
>>>>>>>
<mailto:jamal.mahmoud@egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>
>>>>>>>
<mailto:jamal.mahmoud@egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>>>
>>>>>>> > > >
>>>>>>>
<mailto:jamal.mahmoud@egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>
>>>>>>>
<mailto:jamal.mahmoud@egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>>
>>>>>>> >
>>>>>>>
<mailto:jamal.mahmoud@egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>
>>>>>>>
<mailto:jamal.mahmoud@egg.ie
>>>>>>>
<mailto:jamal.mahmoud@egg.ie>>>>> wrote:
>>>>>>> > > >
>>>>>>> > > >
Sorry about
>>>>>>> the lack of clarification
Rob!
>>>>>>> > > >
>>>>>>> > > > I
have 3
>>>>>>> servers, all running CentOS
7.4,
>>>>>>> FreeIPA
>>>>>>> > version 4.5.0. the
>>>>>>> > > >
hostnames are
>>>>>>> lithium, nitrogen and the
recently
>>>>>>> > deceased oxygen.
>>>>>>> > > >
all are
>>>>>>> masters under the same Realm
>>>>>>> which is EGGVFX.IE
>>>>>>> <
http://EGGVFX.IE>
>>>>>>> >
<http://EGGVFX.IE>
>>>>>>> <
http://EGGVFX.IE>
>>>>>>> > > >
>>>>>>> <http://EGGVFX.IE>
>>>>>>> > > >
>>>>>>> > > >
The "server
>>>>>>> not found" error is
exactly what
>>>>>>> shows when
>>>>>>> > i try to
>>>>>>> > > >
delete the
>>>>>>> server from command line or
the
>>>>>>> Web UI.
>>>>>>> > > >
>>>>>>> > > >
When i
>>>>>>> run ipa-replica-manage list
-v
>>>>>>> `hostname` this is
>>>>>>> > the output
>>>>>>> > > >
from the servers:
>>>>>>> > > >
>>>>>>> > > >
Lithium Output:
>>>>>>> > > >
>>>>>>>
root@lithium# ipa-replica-manage list
>>>>>>> -v `hostname`
>>>>>>> > > >
>>>>>>> nitrogen.eggvfx.ie
>>>>>>>
<
http://nitrogen.eggvfx.ie>
>>>>>>>
<
http://nitrogen.eggvfx.ie>
>>>>>>> >
<http://nitrogen.eggvfx.ie>
>>>>>>> > >
>>>>>>>
<http://nitrogen.eggvfx.ie>:
>>>>>>> replica
>>>>>>> > > >
last init
>>>>>>> status: 0 Total update
succeeded
>>>>>>> > > >
last init
>>>>>>> ended: 2018-02-01
10:51:14+00:00
>>>>>>> > > >
last update
>>>>>>> status: Error (0) Replica
acquired
>>>>>>> > successfully:
>>>>>>> > > >
Incremental
>>>>>>> update succeeded
>>>>>>> > > >
last update
>>>>>>> ended: 2018-02-01
16:24:37+00:00
>>>>>>> > > >
>>>>>>> > > >
Nitrogen Output:
>>>>>>> > > >
root@nitrogen#
>>>>>>> ipa-replica-manage list -v
>>>>>>> `hostname`
>>>>>>> > > >
>>>>>>> lithium.eggvfx.ie
>>>>>>>
<
http://lithium.eggvfx.ie>
>>>>>>>
<
http://lithium.eggvfx.ie>
>>>>>>> >
<http://lithium.eggvfx.ie>
>>>>>>> > >
>>>>>>>
<http://lithium.eggvfx.ie>: replica
>>>>>>> > > >
last init
>>>>>>> status: None
>>>>>>> > > >
last init
>>>>>>> ended: 1970-01-01
00:00:00+00:00
>>>>>>> > > >
last update
>>>>>>> status: Error (0) Replica
acquired
>>>>>>> > successfully:
>>>>>>> > > >
Incremental
>>>>>>> update succeeded
>>>>>>> > > >
last update
>>>>>>> ended: 2018-02-01
10:48:18+00:00
>>>>>>> > > >
>>>>>>> oxygen.eggvfx.ie
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>>
<
http://oxygen.eggvfx.ie>
>>>>>>> >
<http://oxygen.eggvfx.ie>
>>>>>>> > >
>>>>>>>
<http://oxygen.eggvfx.ie>: replica
>>>>>>> > > >
last init
>>>>>>> status: None
>>>>>>> > > >
last init
>>>>>>> ended: 1970-01-01
00:00:00+00:00
>>>>>>> > > >
last update
>>>>>>> status: Error (-1) Problem
>>>>>>> connecting to
>>>>>>> > replica -
>>>>>>> > > >
LDAP error:
>>>>>>> Can't contact LDAP
server
>>>>>>> (connection error)
>>>>>>> > > >
last update
>>>>>>>
>>>>> --
>>>>> Many Thanks,
>>>>> Jamal Mahmoud
>>>>
>>>>
>>>
>>>
>>
>>
>
>