Hi Chris, Apologies for the late reply.
You can try ldapsearch this way after generating a kerberos tgt and setting basedn properly (e.g. like basedn='dc=example,dc=com') $ ldapsearch -Y GSSAPI -b cn=topology,cn=ipa,cn=etc,$basedn This should show iparepltoposegment objects and topology-related information. If all else fails and you need to see how objects are build into the ldap tree you may dump the tree: $ ldapsearch -Y GSSAPI -b $basedn And search for objects still referencing your old host. Cheers François On Sat, Jun 22, 2019 at 11:52 AM Christian Reiss via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: > > Hello François, > > Thanks for replying. > I did notice in some post from 2015 about ldap with some rudimentary > ldap command. My ldap knowlegedge is truth be told not awesome (Yet, but > learning). > > No matter how much I tortured ldapsearch I was unable to match pretty > much anything. Not even the other two servers, so something is > fundamentally wrong in my query. > > Even if I hit gold (in terms of finding something in ldap) removing it > would even be as difficult. > > I am willing to learn but ldap and me were never best friends. > > Thanks! > -Chris. > > On 22/06/2019 11:47, François Cami wrote: > > Hi Christian, > > > > On Sat, Jun 22, 2019 at 12:13 AM Christian Reiss via FreeIPA-users > > <freeipa-users@lists.fedorahosted.org> wrote: > >> > >> Hey folks, > >> > >> In my Test-Setup I have the following: > >> > >> srv1.auth.alpha-labs.net > >> srv2.auth.alpha-labs.net > >> srv3.auth.alpha-labs.net > >> > >> srv1 is the freshly installed master. > >> srv2 is a client, promoted to replication via ipa-replica-install. > >> srv3 failed with ipa-replica-install. Now I can't proceed past: > >> > >> -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- > >> [root@srv3 ~]# ipa-replica-install > >> ipaserver.install.installutils: ERROR Unable to resolve the IP > >> address 10.1.2.10 to a host name, check /etc/hosts and DNS name resolution > >> Your system may be partly configured. > >> Run /usr/sbin/ipa-server-install --uninstall to clean up. > >> > >> ipapython.admintool: ERROR A replication agreement for this host > >> already exists. It needs to be removed. > >> Run this command: > >> %% ipa-replica-manage del srv3.auth.alpha-labs.net --force > >> ipapython.admintool: ERROR The ipa-replica-install command failed. > >> See /var/log/ipareplica-install.log for more information > >> -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- > >> > >> I tried (on srv1): > >> > >> - ipa-replica-manage del srv3.auth.alpha-labs.net --cleanup --force > >> - ipa-replica-manage disconnect srv3.auth.alpha-labs.net > >> - ipa-replica-manage del srv3.auth.alpha-labs.net --force -v --no-lookup > >> - ipa-replica-manage clean-dangling-ruv > >> - ipa-replica-manage del --force srv3.auth.alpha-labs.net > >> > >> As this is just a test setup I can easily drop everything and start > >> over, but I really wonder how to fix that once we go live with a real > >> setup. > > > > Please search your ldap tree (using ldapsearch with admin credentials) > > for remaining objects containing the to-delete server hostname. > > You should find the replication agreements there. > > If unsure of what to do next please reply to the list. > > > > François > > > >> Thanks in advance! > >> Enjoy your weekend! > >> -Chris. > >> > >> -- > >> Christian Reiss - em...@christian-reiss.de /"\ ASCII Ribbon > >> supp...@alpha-labs.net \ / Campaign > >> X against HTML > >> WEB alpha-labs.net / \ in eMails > >> > >> GPG Retrieval https://gpg.christian-reiss.de > >> GPG ID ABCD43C5, 0x44E29126ABCD43C5 > >> GPG fingerprint = 9549 F537 2596 86BA 733C A4ED 44E2 9126 ABCD 43C5 > >> > >> "It's better to reign in hell than to serve in heaven.", > >> John Milton, Paradise lost. > >> > >> _______________________________________________ > >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > >> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > >> Fedora Code of Conduct: > >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > >> List Archives: > >> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > -- > Christian Reiss - em...@christian-reiss.de /"\ ASCII Ribbon > supp...@alpha-labs.net \ / Campaign > X against HTML > WEB alpha-labs.net / \ in eMails > > GPG Retrieval https://gpg.christian-reiss.de > GPG ID ABCD43C5, 0x44E29126ABCD43C5 > GPG fingerprint = 9549 F537 2596 86BA 733C A4ED 44E2 9126 ABCD 43C5 > > "It's better to reign in hell than to serve in heaven.", > John Milton, Paradise lost. > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
