[18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config" [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105 nentries=0 etime=0 [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBIND
Do you mean that log entry ^? I am seeing that entry on dc2-ipa-dev-nvan, the host that dc1-ipa-dev-van is contacting as its master when we attempt the ipa-replica-install. Look through my earlier posts in this thread for a full log. Yes, of course that DN exists on all my masters. With a 3 way replication it would have to exist because the current master is replicating to 2 other masters. Here is the ldapsearch for all 3 existing hosts showing that DN (dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config") which is apparently failing to be added because it already exists on all my hosts. Entry on dc1-ipa-dev-van ======================== [nathan.peters@dc1-ipa-dev-van ~]$ ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" Enter LDAP Password: # extended LDIF # # LDAPv3 # base <cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config> with scope subtree # filter: (objectclass=*) # requesting: ALL # # replica, dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config dn: cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: replica nsDS5Flags: 1 nsDS5ReplicaBindDN: cn=replication manager,cn=config nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.dev-mydomain.net @DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net nsDS5ReplicaBindDN: krbprincipalname=ldap/dc2-ipa-dev-nvan.dev-mydomain.net @DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net nsDS5ReplicaId: 17 nsDS5ReplicaName: 11f21d13-bccf11e5-a49095ab-7f963284 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaType: 3 nsState:: EQAAAAAAAADQrJ5WAAAAANkAAAAAAAAAkwAAAAAAAAAJAAAAAAAAAA== nsds5ReplicaLegacyConsumer: off nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=dev- mydomain,dc=net nsds5replicabinddngroupcheckinterval: 60 objectClass: nsds5replica objectClass: top objectClass: extensibleobject nsds5ReplicaChangeCount: 71685 nsds5replicareapactive: 0 # meTodc1-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\ 3Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-nvan.dev-mydomain.net description: me to dc1-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd 26000000100000 569b918f001400100000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124 b000000110000 569b918f000f00110000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee 040000000f0000 569b91750005000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n et:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160119213851Z nsds5replicaLastUpdateEnd: 19700101000000Z nsds5replicaChangesSentSinceStartup:: MTc6NTMxLzEzMTg4MzYzMSAxNTozNTAvMCAxNDo1 MC8wIDE2OjMyMi8wIDA6Ni8xMTUg nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate started nsds5replicaUpdateInProgress: TRUE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # meTodc2-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\ 3Dnet, mapping tree, config dn: cn=meTodc2-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc2-ipa-dev-nvan.dev-mydomain.net description: me to dc2-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc2-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee 040000000f0000 569b91900002000f0000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd 26000000100000 569b918d004a00100000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124 b000000110000 569b918f000f00110000 nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n et:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160119213851Z nsds5replicaLastUpdateEnd: 19700101000000Z nsds5replicaChangesSentSinceStartup:: MTc6NTQyLzEzMDIxNDkwNSAxNDoxNjkvMCAxNjo0 NDUvMCAxNToyOTQvMCAwOjEvMTExIA== nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate started nsds5replicaUpdateInProgress: TRUE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 Entry on dc1-ipa-dev-nvan ========================= [nathan.peters@dc1-ipa-dev-nvan ~]$ ldapsearch -D "cn=directory manager" -W -b "cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" Enter LDAP Password: # extended LDIF # # LDAPv3 # base <cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config> with scope subtree # filter: (objectclass=*) # requesting: ALL # # replica, dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config dn: cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: replica nsDS5Flags: 1 nsDS5ReplicaBindDN: cn=replication manager,cn=config nsDS5ReplicaBindDN: krbprincipalname=ldap/dc2-ipa-dev-nvan.dev-mydomain.net @DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.dev-mydomain.net@ DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net nsDS5ReplicaId: 16 nsDS5ReplicaName: 79ee3693-bcc211e5-bfa4b538-a3d71f3c nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaType: 3 nsState:: EAAAAAAAAACrrZ5WAAAAAHgAAAAAAAAA8wAAAAAAAAACAAAAAAAAAA== nsds5ReplicaLegacyConsumer: off nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=dev- mydomain,dc=net nsds5replicabinddngroupcheckinterval: 60 objectClass: nsds5replica objectClass: top objectClass: extensibleobject nsds5ReplicaChangeCount: 89267 nsds5replicareapactive: 0 # meTodc1-ipa-dev-van.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\3 Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-van.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-van.dev-mydomain.net description: me to dc1-ipa-dev-van.dev-mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-van.dev-mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124 b000000110000 569b90c7001a00110000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd 26000000100000 569b90c7001600100000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee 040000000f0000 569b8f900005000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b b0000000e0000 569b8f99001c000e0000 nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n et:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160119214152Z nsds5replicaLastUpdateEnd: 20160119214152Z nsds5replicaChangesSentSinceStartup:: MTY6ODg3LzM1NTUxNDQgMTU6MTgyLzAgMTQ6OC8w IDE3OjMvMCAwOjEvMCA= nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # meTodc2-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\ 3Dnet, mapping tree, config dn: cn=meTodc2-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc2-ipa-dev-nvan.dev-mydomain.net description: me to dc2-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc2-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee 040000000f0000 569b90b10003000f0000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd 26000000100000 569b90c1000a00100000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b b0000000e0000 569b8f99001c000e0000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124 b000000110000 569b8e0e000700110000 nsds5ReplicaEnabled: on nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n et:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160119214206Z nsds5replicaLastUpdateEnd: 20160119214206Z nsds5replicaChangesSentSinceStartup:: MTY6NjQyLzE4OTQ5ODAgMTQ6NzEvMCAxNzoxNC8w IDE1OjIvMCA= nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 Entry on dc2-ipa-dev-nvan ========================= [nathan.peters@dc2-ipa-dev-nvan ~]$ ldapsearch -D "cn=directory manager" -b "cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config" -W Enter LDAP Password: # extended LDIF # # LDAPv3 # base <cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config> with scope subtree # filter: (objectclass=*) # requesting: ALL # # replica, dc\3Ddev-mydomain\2Cdc\3Dnet, mapping tree, config dn: cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: replica nsDS5Flags: 1 nsDS5ReplicaBindDN: cn=replication manager,cn=config nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-nvan.dev-mydomain.net @DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net nsDS5ReplicaBindDN: krbprincipalname=ldap/dc1-ipa-dev-van.dev-mydomain.net@ DEV-mydomain.NET,cn=services,cn=accounts,dc=dev-mydomain,dc=net nsDS5ReplicaId: 15 nsDS5ReplicaName: 74d8b993-bcb911e5-ba5283c7-2a40cd64 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaType: 3 nsState:: DwAAAAAAAADWrZ5WAAAAAAAAAAAAAAAAbAEAAAAAAAABAAAAAAAAAA== nsds5ReplicaLegacyConsumer: off nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=dev- mydomain,dc=net nsds5replicabinddngroupcheckinterval: 60 objectClass: nsds5replica objectClass: top objectClass: extensibleobject nsds5ReplicaChangeCount: 66837 nsds5replicareapactive: 0 # meTodc1-ipa-dev-nvan.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\ 3Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-nvan.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-nvan.dev-mydomain.net description: me to dc1-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-nvan.dev-mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd 26000000100000 569b9201002200100000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124 b000000110000 569b91af000d00110000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee 040000000f0000 569b92010002000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsds5ReplicaEnabled: on nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n et:389} 00000000 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160119214250Z nsds5replicaLastUpdateEnd: 20160119214250Z nsds5replicaChangesSentSinceStartup:: MTU6NDk2LzE2MjI3NzggMTQ6MS8wIDE3OjIyLzAg MTY6Mi8wIA== nsds5replicaLastUpdateStatus: 1 Can't acquire busy replica nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # meTodc1-ipa-dev-van.dev-mydomain.net, replica, dc\3Ddev-mydomain\2Cdc\3 Dnet, mapping tree, config dn: cn=meTodc1-ipa-dev-van.dev-mydomain.net,cn=replica,cn=dc\3Ddev-mydomain\2Cdc\3Dnet,cn=mapping tree,cn=config cn: meTodc1-ipa-dev-van.dev-mydomain.net description: me to dc1-ipa-dev-van.dev-mydomain.net nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicaHost: dc1-ipa-dev-van.dev-mydomain.net nsDS5ReplicaPort: 389 nsDS5ReplicaRoot: dc=dev-mydomain,dc=net nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts uccessfulauth krblastfailedauth krbloginfailedcount nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in ternalModifyTimestamp nsds5replicaTimeout: 120 objectClass: nsds5replicationagreement objectClass: top objectClass: ipaReplTopoManagedAgreement ipaReplTopoManagedAgreementState: managed agreement - controlled by topology p lugin nsds50ruv: {replicageneration} 553fe9bb000000040000 nsds50ruv: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.net:389} 569b124 b000000110000 569b9201000500110000 nsds50ruv: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain.net:389} 569afd 26000000100000 569b918d004a00100000 nsds50ruv: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain.net:389} 569aee 040000000f0000 569b92010002000f0000 nsds50ruv: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.net:389} 569ae7b b0000000e0000 569b91320014000e0000 nsruvReplicaLastModified: {replica 17 ldap://dc1-ipa-dev-van.dev-mydomain.n et:389} 00000000 nsruvReplicaLastModified: {replica 16 ldap://dc1-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 15 ldap://dc2-ipa-dev-nvan.dev-mydomain. net:389} 00000000 nsruvReplicaLastModified: {replica 14 ldap://dc2-ipa-dev-van.dev-mydomain.n et:389} 00000000 nsds5replicareapactive: 0 nsds5replicaLastUpdateStart: 20160119214305Z nsds5replicaLastUpdateEnd: 20160119214305Z nsds5replicaChangesSentSinceStartup:: MTU6NjQ0LzI4NDc1OTggMTY6MTc2LzAgMTc6Mi8w IDA6MS8wIA== nsds5replicaLastUpdateStatus: 0 Replica acquired successfully: Incremental upd ate succeeded nsds5replicaUpdateInProgress: FALSE nsds5replicaLastInitStart: 19700101000000Z nsds5replicaLastInitEnd: 19700101000000Z # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 -----Original Message----- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: January-19-16 12:33 PM To: Nathan Peters; Ludwig Krispenz Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with DuplicateEntry: This entry already exists Nathan Peters wrote: > Ok, after rm-rf /etc/dirsrv I was able to re-install again, but back to the > old issue with DuplicatEntry. > > Can anyone on this list tell me how to fix this issue ? This is a production > domain with several hundred clients and servers attached, so I can't just > blow it away and start over. You've had several people trying. > I need to get this fixed. I think Ludwig's question still stands: on what host are you seeing the duplicate entry logged (err=68)? I presume on the master it is trying to create the agreement against. Have you looked to see if this entry exists on your current masters? rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project