3:44 p.m.
Hi guys.
Two masters from which third got disconnected in a "dirty"
manner.
-> $ ipa-replica-manage del midway.ccn.priv.dom
Server removal aborted:
Replication topology in suffix 'domain' is disconnected:
Topology does not allow server love.ccn.priv.dom to
replicate with servers:
midway.ccn.priv.dom
Topology does not allow server midway.ccn.priv.dom to
replicate with servers:
love.ccn.priv.dom
punch.ccn.priv.dom
Topology does not allow server punch.ccn.priv.dom to
replicate with servers:
midway.ccn.priv.dom.
-> $ ipa topologysegment-find domain
-----------------
1 segment matched
-----------------
Segment name: punch.ccn.priv.dom-to-love.ccn.priv.dom
Left node: punch.ccn.priv.dom
Right node: love.ccn.priv.dom
Connectivity: both
----------------------------
Number of entries returned 1
-> $ ipa-replica-manage del midway.ccn.priv.dom --force
ipa: WARNING:
/usr/lib/python3.6/site-packages/ipaserver/plugins/dogtag.py:1973:
The subsystem in PKIConnection.__init__() has been
deprecated
(https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes).
Updating DNS system records
Not allowed on non-leaf entry
I've tried to 'reinitialize' but without success.
Anybody care to share suggestions & thoughts?
many thanks, L.
1:27 a.m.
Hi,
is the topology at domain level 1 or domain level 0?
# kinit admin
# ipa domainlevel-get
If the level is 1, the right command in order to remove a replica + ignore
topology disconnect issues is
# kinit admin
# ipa server-del <hostname> --ignore-topology-disconnect
The error "not allowed on non-leaf entry" means that the command tried to
delete an LDAP entry which has child entries. You can have a look at the
directory server logs in /var/log/dirsrv/slapd-IPA-TEST/access and look for
a DEL operation which returned an error (something with RESULT err=<value
different from 0>).
HTH,
flo
On Mon, Jul 5, 2021 at 10:45 PM lejeczek via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Hi guys.
Two masters from which third got disconnected in a "dirty"
manner.
-> $ ipa-replica-manage del midway.ccn.priv.dom
Server removal aborted:
Replication topology in suffix 'domain' is disconnected:
Topology does not allow server love.ccn.priv.dom to
replicate with servers:
midway.ccn.priv.dom
Topology does not allow server midway.ccn.priv.dom to
replicate with servers:
love.ccn.priv.dom
punch.ccn.priv.dom
Topology does not allow server punch.ccn.priv.dom to
replicate with servers:
midway.ccn.priv.dom.
-> $ ipa topologysegment-find domain
-----------------
1 segment matched
-----------------
Segment name: punch.ccn.priv.dom-to-love.ccn.priv.dom
Left node: punch.ccn.priv.dom
Right node: love.ccn.priv.dom
Connectivity: both
----------------------------
Number of entries returned 1
-> $ ipa-replica-manage del midway.ccn.priv.dom --force
ipa: WARNING:
/usr/lib/python3.6/site-packages/ipaserver/plugins/dogtag.py:1973:
The subsystem in PKIConnection.__init__() has been
deprecated
(https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes).
Updating DNS system records
Not allowed on non-leaf entry
I've tried to 'reinitialize' but without success.
Anybody care to share suggestions & thoughts?
many thanks, L.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
11:07 a.m.
On 06/07/2021 07:27, Florence Renaud wrote:
Hi,
is the topology at domain level 1 or domain level 0?
# kinit admin
# ipa domainlevel-get
If the level is 1, the right command in order to remove a
replica + ignore topology disconnect issues is
# kinit admin
# ipa server-del <hostname> --ignore-topology-disconnect
The error "not allowed on non-leaf entry" means that the
command tried to delete an LDAP entry which has child
entries. You can have a look at the directory server logs
in /var/log/dirsrv/slapd-IPA-TEST/access and look for a
DEL operation which returned an error (something with
RESULT err=<value different from 0>).
HTH,
flo
I cannot see any meaningful "DEL" in 'access' at/around the
time of 'server-del' execution, though in 'errors'
...
[06/Jul/2021:17:00:47.672237100 +0100] - ERR -
ldbm_back_delete - conn=5935 op=244 Deleting entry
cn=midway.ccnr.ceb.private.cam.ac.uk,cn=masters,cn=ipa,cn=etc,dc=ccn,dc=priv,dc=dom
has replication conflicts as children.
many thanks, L
On Mon, Jul 5, 2021 at 10:45 PM lejeczek via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>> wrote:
Hi guys.
Two masters from which third got disconnected in a
"dirty"
manner.
-> $ ipa-replica-manage del midway.ccn.priv.dom
Server removal aborted:
Replication topology in suffix 'domain' is disconnected:
Topology does not allow server love.ccn.priv.dom to
replicate with servers:
midway.ccn.priv.dom
Topology does not allow server midway.ccn.priv.dom to
replicate with servers:
love.ccn.priv.dom
punch.ccn.priv.dom
Topology does not allow server punch.ccn.priv.dom to
replicate with servers:
midway.ccn.priv.dom.
-> $ ipa topologysegment-find domain
-----------------
1 segment matched
-----------------
Segment name: punch.ccn.priv.dom-to-love.ccn.priv.dom
Left node: punch.ccn.priv.dom
Right node: love.ccn.priv.dom
Connectivity: both
----------------------------
Number of entries returned 1
-> $ ipa-replica-manage del midway.ccn.priv.dom --force
ipa: WARNING:
/usr/lib/python3.6/site-packages/ipaserver/plugins/dogtag.py:1973:
The subsystem in PKIConnection.__init__() has been
deprecated
(https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes
<https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes>).
Updating DNS system records
Not allowed on non-leaf entry
I've tried to 'reinitialize' but without success.
Anybody care to share suggestions & thoughts?
many thanks, L.
_______________________________________________
FreeIPA-users mailing list --
freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
To unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
<https://docs.fedoraproject.org/en-US/project/code-of-conduct/>
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
<https://fedoraproject.org/wiki/Mailing_list_guidelines>
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
<https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
<https://pagure.io/fedora-infrastructure>
11:23 a.m.
Hi
so there are replication conflicts in the LDAP database.
To find the conflicting entries, run the following commands on each server:
export BASEDN=<basedn value from /etc/ipa/default.conf>
ldapsearch -D "cn=Directory Manager" -W -b $BASEDN
"(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))" \* nsds5ReplConflict
And then follow the guide *B.2. Identity Management Replicas* [1] in order
to solve the conflicts.
HTH,
flo
[1]
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
On Tue, Jul 6, 2021 at 6:09 PM lejeczek via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
On 06/07/2021 07:27, Florence Renaud wrote:
> Hi,
>
> is the topology at domain level 1 or domain level 0?
> # kinit admin
> # ipa domainlevel-get
>
> If the level is 1, the right command in order to remove a
> replica + ignore topology disconnect issues is
> # kinit admin
> # ipa server-del <hostname> --ignore-topology-disconnect
>
> The error "not allowed on non-leaf entry" means that the
> command tried to delete an LDAP entry which has child
> entries. You can have a look at the directory server logs
> in /var/log/dirsrv/slapd-IPA-TEST/access and look for a
> DEL operation which returned an error (something with
> RESULT err=<value different from 0>).
>
> HTH,
> flo
>
>
I cannot see any meaningful "DEL" in 'access' at/around the
time of 'server-del' execution, though in 'errors'
...
[06/Jul/2021:17:00:47.672237100 +0100] - ERR -
ldbm_back_delete - conn=5935 op=244 Deleting entry
cn=midway.ccnr.ceb.private.cam.ac.uk,cn=masters,cn=ipa,cn=etc,dc=ccn,dc=priv,dc=dom
has replication conflicts as children.
many thanks, L
> On Mon, Jul 5, 2021 at 10:45 PM lejeczek via FreeIPA-users
> <freeipa-users(a)lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>> wrote:
>
> Hi guys.
>
> Two masters from which third got disconnected in a
> "dirty"
> manner.
>
> -> $ ipa-replica-manage del midway.ccn.priv.dom
> Server removal aborted:
>
> Replication topology in suffix 'domain' is disconnected:
> Topology does not allow server love.ccn.priv.dom to
> replicate with servers:
> midway.ccn.priv.dom
> Topology does not allow server midway.ccn.priv.dom to
> replicate with servers:
> love.ccn.priv.dom
> punch.ccn.priv.dom
> Topology does not allow server punch.ccn.priv.dom to
> replicate with servers:
> midway.ccn.priv.dom.
>
> -> $ ipa topologysegment-find domain
> -----------------
> 1 segment matched
> -----------------
> Segment name: punch.ccn.priv.dom-to-love.ccn.priv.dom
> Left node: punch.ccn.priv.dom
> Right node: love.ccn.priv.dom
> Connectivity: both
> ----------------------------
> Number of entries returned 1
>
> -> $ ipa-replica-manage del midway.ccn.priv.dom --force
> ipa: WARNING:
> /usr/lib/python3.6/site-packages/ipaserver/plugins/dogtag.py:1973:
>
> The subsystem in PKIConnection.__init__() has been
> deprecated
> (https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes
> <https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes>).
> Updating DNS system records
> Not allowed on non-leaf entry
>
> I've tried to 'reinitialize' but without success.
> Anybody care to share suggestions & thoughts?
> many thanks, L.
> _______________________________________________
> FreeIPA-users mailing list --
> freeipa-users(a)lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
> <mailto:freeipa-users-leave@lists.fedorahosted.org>
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> <https://docs.fedoraproject.org/en-US/project/code-of-conduct/>
> List Guidelines:
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> <https://fedoraproject.org/wiki/Mailing_list_guidelines>
> List Archives:
>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> <
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
> <https://pagure.io/fedora-infrastructure>
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
7:20 a.m.
On 06/07/2021 17:23, Florence Renaud wrote:
Hi
so there are replication conflicts in the LDAP database.
To find the conflicting entries, run the following
commands on each server:
export BASEDN=<basedn value from /etc/ipa/default.conf>
ldapsearch -D "cn=Directory Manager" -W -b $BASEDN
"(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))" \*
nsds5ReplConflict
And then follow the guide /B.2. Identity Management
Replicas/ [1] in order to solve the conflicts.
HTH,
flo
I've found backups and thought I was lucky, yet - though
restoration seems to work and I'm able to remove missing
master/replica with no "Not allowed on non-leaf entry" error..
...replication between two existing masters seems to be
"broken", data does not replicate.
If I try 'force-sync' I see, on the requesting master:
...
[09/Jul/2021:10:05:01.553662244 +0100] - ERR -
NSMMReplicationPlugin - prot_notify_agmt_changed -
Replication agreement for
agmt="cn=punch.ccnr.ceb.private.cam.ac.uk-to-love.ccn.priv.dom"
(love:389) could not be updated. For replication to take
place, please enable the suffix and restart the server
...
sroogling that did not get me much info. What the issue here?
many thanks, L.
[1]
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
On Tue, Jul 6, 2021 at 6:09 PM lejeczek via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>> wrote:
On 06/07/2021 07:27, Florence Renaud wrote:
> Hi,
>
> is the topology at domain level 1 or domain level 0?
> # kinit admin
> # ipa domainlevel-get
>
> If the level is 1, the right command in order to
remove a
> replica + ignore topology disconnect issues is
> # kinit admin
> # ipa server-del <hostname> --ignore-topology-disconnect
>
> The error "not allowed on non-leaf entry" means that
the
> command tried to delete an LDAP entry which has child
> entries. You can have a look at the directory server
logs
> in /var/log/dirsrv/slapd-IPA-TEST/access and look for a
> DEL operation which returned an error (something with
> RESULT err=<value different from 0>).
>
> HTH,
> flo
>
>
I cannot see any meaningful "DEL" in 'access'
at/around the
time of 'server-del' execution, though in 'errors'
...
[06/Jul/2021:17:00:47.672237100 +0100] - ERR -
ldbm_back_delete - conn=5935 op=244 Deleting entry
cn=midway.ccnr.ceb.private.cam.ac.uk
<http://midway.ccnr.ceb.private.cam.ac.uk>,cn=masters,cn=ipa,cn=etc,dc=...
has replication conflicts as children.
many thanks, L
> On Mon, Jul 5, 2021 at 10:45 PM lejeczek via
FreeIPA-users
> <freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>> wrote:
>
> Hi guys.
>
> Two masters from which third got disconnected in a
> "dirty"
> manner.
>
> -> $ ipa-replica-manage del midway.ccn.priv.dom
> Server removal aborted:
>
> Replication topology in suffix 'domain' is
disconnected:
> Topology does not allow server love.ccn.priv.dom to
> replicate with servers:
> midway.ccn.priv.dom
> Topology does not allow server
midway.ccn.priv.dom to
> replicate with servers:
> love.ccn.priv.dom
> punch.ccn.priv.dom
> Topology does not allow server punch.ccn.priv.dom to
> replicate with servers:
> midway.ccn.priv.dom.
>
> -> $ ipa topologysegment-find domain
> -----------------
> 1 segment matched
> -----------------
> Segment name:
punch.ccn.priv.dom-to-love.ccn.priv.dom
> Left node: punch.ccn.priv.dom
> Right node: love.ccn.priv.dom
> Connectivity: both
> ----------------------------
> Number of entries returned 1
>
> -> $ ipa-replica-manage del midway.ccn.priv.dom
--force
> ipa: WARNING:
>
/usr/lib/python3.6/site-packages/ipaserver/plugins/dogtag.py:1973:
>
> The subsystem in PKIConnection.__init__() has been
> deprecated
>
(https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes
<https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes>
>
<https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes
<https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes>>).
> Updating DNS system records
> Not allowed on non-leaf entry
>
> I've tried to 'reinitialize' but without success.
> Anybody care to share suggestions & thoughts?
> many thanks, L.
> _______________________________________________
> FreeIPA-users mailing list --
> freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>
> To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
>
<mailto:freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>>
> Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
<https://docs.fedoraproject.org/en-US/project/code-of-conduct/>
>
<https://docs.fedoraproject.org/en-US/project/code-of-conduct/
<https://docs.fedoraproject.org/en-US/project/code-of-conduct/>>
> List Guidelines:
>
https://fedoraproject.org/wiki/Mailing_list_guidelines
<https://fedoraproject.org/wiki/Mailing_list_guidelines>
>
<https://fedoraproject.org/wiki/Mailing_list_guidelines
<https://fedoraproject.org/wiki/Mailing_list_guidelines>>
> List Archives:
>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
<https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>
<https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
<https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
<https://pagure.io/fedora-infrastructure>
> <https://pagure.io/fedora-infrastructure
<https://pagure.io/fedora-infrastructure>>
>
_______________________________________________
FreeIPA-users mailing list --
freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
To unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
<https://docs.fedoraproject.org/en-US/project/code-of-conduct/>
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
<https://fedoraproject.org/wiki/Mailing_list_guidelines>
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
<https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
<https://pagure.io/fedora-infrastructure>
2:07 p.m.
lejeczek via FreeIPA-users wrote:
On 06/07/2021 17:23, Florence Renaud wrote:
> Hi
> so there are replication conflicts in the LDAP database.
>
> To find the conflicting entries, run the following commands on each
> server:
> export BASEDN=<basedn value from /etc/ipa/default.conf>
> ldapsearch -D "cn=Directory Manager" -W -b $BASEDN
> "(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))" \*
nsds5ReplConflict
>
> And then follow the guide /B.2. Identity Management Replicas/ [1] in
> order to solve the conflicts.
>
> HTH,
> flo
>
I've found backups and thought I was lucky, yet - though restoration
seems to work and I'm able to remove missing master/replica with no "Not
allowed on non-leaf entry" error..
...replication between two existing masters seems to be "broken", data
does not replicate.
If I try 'force-sync' I see, on the requesting master:
...
[09/Jul/2021:10:05:01.553662244 +0100] - ERR - NSMMReplicationPlugin -
prot_notify_agmt_changed - Replication agreement for
agmt="cn=punch.ccnr.ceb.private.cam.ac.uk-to-love.ccn.priv.dom"
(love:389) could not be updated. For replication to take place, please
enable the suffix and restart the server
...
sroogling that did not get me much info. What the issue here?
What does "I found backups" mean? Are you talking about ipa-backup and
ipa-restore? If you run ipa-restore then you need to re-init all other
servers from that one.
rob
many thanks, L.
> [1]
>
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
>
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
>
>
> On Tue, Jul 6, 2021 at 6:09 PM lejeczek via FreeIPA-users
> <freeipa-users(a)lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>> wrote:
>
>
>
> On 06/07/2021 07:27, Florence Renaud wrote:
> > Hi,
> >
> > is the topology at domain level 1 or domain level 0?
> > # kinit admin
> > # ipa domainlevel-get
> >
> > If the level is 1, the right command in order to
> remove a
> > replica + ignore topology disconnect issues is
> > # kinit admin
> > # ipa server-del <hostname> --ignore-topology-disconnect
> >
> > The error "not allowed on non-leaf entry" means that
> the
> > command tried to delete an LDAP entry which has child
> > entries. You can have a look at the directory server
> logs
> > in /var/log/dirsrv/slapd-IPA-TEST/access and look for a
> > DEL operation which returned an error (something with
> > RESULT err=<value different from 0>).
> >
> > HTH,
> > flo
> >
> >
> I cannot see any meaningful "DEL" in 'access'
> at/around the
> time of 'server-del' execution, though in 'errors'
> ...
> [06/Jul/2021:17:00:47.672237100 +0100] - ERR -
> ldbm_back_delete - conn=5935 op=244 Deleting entry
> cn=midway.ccnr.ceb.private.cam.ac.uk
>
>
<http://midway.ccnr.ceb.private.cam.ac.uk>,cn=masters,cn=ipa,cn=etc,dc=...
>
>
> has replication conflicts as children.
>
> many thanks, L
>
> > On Mon, Jul 5, 2021 at 10:45 PM lejeczek via
> FreeIPA-users
> > <freeipa-users(a)lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
> > <mailto:freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>>> wrote:
> >
> > Hi guys.
> >
> > Two masters from which third got disconnected in a
> > "dirty"
> > manner.
> >
> > -> $ ipa-replica-manage del midway.ccn.priv.dom
> > Server removal aborted:
> >
> > Replication topology in suffix 'domain' is
> disconnected:
> > Topology does not allow server love.ccn.priv.dom to
> > replicate with servers:
> > midway.ccn.priv.dom
> > Topology does not allow server
> midway.ccn.priv.dom to
> > replicate with servers:
> > love.ccn.priv.dom
> > punch.ccn.priv.dom
> > Topology does not allow server punch.ccn.priv.dom to
> > replicate with servers:
> > midway.ccn.priv.dom.
> >
> > -> $ ipa topologysegment-find domain
> > -----------------
> > 1 segment matched
> > -----------------
> > Segment name:
> punch.ccn.priv.dom-to-love.ccn.priv.dom
> > Left node: punch.ccn.priv.dom
> > Right node: love.ccn.priv.dom
> > Connectivity: both
> > ----------------------------
> > Number of entries returned 1
> >
> > -> $ ipa-replica-manage del midway.ccn.priv.dom
> --force
> > ipa: WARNING:
> >
> /usr/lib/python3.6/site-packages/ipaserver/plugins/dogtag.py:1973:
> >
> > The subsystem in PKIConnection.__init__() has been
> > deprecated
> >
> (https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes
> <https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes>
> >
> <https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes
> <https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes>>).
> > Updating DNS system records
> > Not allowed on non-leaf entry
> >
> > I've tried to 'reinitialize' but without success.
> > Anybody care to share suggestions & thoughts?
> > many thanks, L.
2:04 p.m.
hey everyone,
i had a similar issue and it took me a lot of time to figure it out.
I could not a remove a single replica because the topology plugin i
could not remove a non-leave server. But it was a simple leave server.
After trying a lot of stuff, i found out, that some replication
conflicts were the reason.
So removing those let me remove the faulty replica.
Removing replication conflicts is explained here:
https://access.redhat.com/documentation/de-de/red_hat_directory_server/11...
Hope it helps
--
Stephan Voeth
Pronomen: he/er
Matrix: @s_voeth:matrix.tu-darmstadt.de
280
days inactive
1026
days old
freeipa-users@lists.fedorahosted.org
6 comments
4 participants
participants (4)
-
Florence Renaud -
lejeczek -
Rob Crittenden -
Stephan Voeth