[Freeipa-users] Re: How to blend IPA server 4.1.4 on F21 with server 4.6.8 on C7?

[Bret Wortman via FreeIPA-users]

Now, this morning, I've hit the wall on this yet again.

[root@ipa2c7 ~]# ipa-replica-manage list
ipa2c7.our.net: master
[root@ipa2c7 ~]# ipa-replica-manage list-ruv
Directory Manager password: 

unable to decode: {replica 13} 60b907570001000d0000 60b907570001000d0000
unable to decode: {replica 14} 60b923030002000e0000 60b923030002000e0000
unable to decode: {replica 21} 60cb27ed000600150000 60cb27ed000600150000
unable to decode: {replica 24} 60cc5b11000400180000 60cc5b11000400180000
unable to decode: {replica 17} 60be13a5000000110000 60be13c9000700110000
unable to decode: {replica 18} 60bf4aec000000120000 60c07065000200120000
unable to decode: {replica 5} 53722a35000000050000 5a11c065000000050000
Replica Update Vectors:
  ipa2c7.our.net:389: 26
Certificate Server Replica Update Vectors:
  ipa2c7.our.net:389: 91
[root@ipa2c7 ~]# dsctl slapd-OUR-NET db2ldif --replication userRoot 
/root/userroot.ldif
-bash: dsctl: command not found
[root@ipa2c7 ~]# db2ldif -n userRoot -Z OUR-NET -a /root/userroot.ldif
Exported ldif file: /root/userroot.ldif
ldiffile: /root/userroot.ldif
[root@ipa2c7 ~]# ls /root/userroot.ldif
ls: cannot access /root/userroot.ldif: No such file or directory
[root@ipa2c7 ~]# ipa domainlevel-set 1
ipa: ERROR: Domain Level cannot be raised to 1, existing replication conflicts 
have to be resolved.
[root@ipa2c7 ~]# rpm -qa | grep ipa-server
ipa-server-4.6.8-5.el7.centos.6.x86_64
ipa-server-dns-4.6.8-5.el7.centos.6.noarch
ipa-server-common-4.6.8-5.el7.centos.6.noarch
[root@ipa2c7 ~]# rpm -qa | grep 389
389-ds-base-libs-1.3.10.2-12.el7_9.x86_64
389-ds-base-1.3.10.2-12.el7_9.x86_64
[root@ipa2c7 ~]# 

What this seems to tell me is that I need a way to remove those replicas, but 
when I try them by number I don't get very far:

[root@ipa2c7 ~]# ipa-replica-manage clean-ruv 5
Directory Manager password: 

unable to decode: {replica 13} 60b907570001000d0000 60b907570001000d0000
unable to decode: {replica 14} 60b923030002000e0000 60b923030002000e0000
unable to decode: {replica 21} 60cb27ed000600150000 60cb27ed000600150000
unable to decode: {replica 24} 60cc5b11000400180000 60cc5b11000400180000
unable to decode: {replica 17} 60be13a5000000110000 60be13c9000700110000
unable to decode: {replica 18} 60bf4aec000000120000 60c07065000200120000
unable to decode: {replica 5} 53722a35000000050000 5a11c065000000050000
Replica ID 5 not found

I'd try interacting with the LDAP directly but I can't get an LDIF using 
db2ldif either with dsctl or without it (because I don't have dsctl and "yum 
provides */dsctl" returns no hits so I'm not sure where it comes from).
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure