Hi Petr, The cleaning task worked. No more errors.
Thanks for that. Kind regards, — Christophe Dr Christophe Trefois, Dipl.-Ing. Technical Specialist / Post-Doc UNIVERSITÉ DU LUXEMBOURG LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE Campus Belval | House of Biomedicine 6, avenue du Swing L-4367 Belvaux T: +352 46 66 44 6124 F: +352 46 66 44 6949 http://www.uni.lu/lcsb ---- This message is confidential and may contain privileged information. It is intended for the named recipient only. If you receive it in error please notify me and permanently delete the original message and any copies. ---- > On 07 Jul 2016, at 18:06, Petr Vobornik <pvobo...@redhat.com> wrote: > > On 07/04/2016 05:54 PM, Christophe TREFOIS wrote: >> Dear all, >> >> First of all, thanks to mbasti for helping out so far. >> >> We have a 3-node master cluster (—setup-ca) on 4.1 and setup a 4th using >> 4.2.0 as we want to migrate there. >> >> First, we had some orphan entries in ipa-replica-manage list. We removed >> those by manually removing the LDAP node + children in >> cn=etc,cn=ipa,cn=masters. >> Then, we saw that there is still an orphan entry here: >> >> ldapsearch -xLLL -D "cn=directory manager" -W -b dc=uni,dc=lu >> '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))’ >> >> In particular, there is one ghost entry for nsDS5ReplicaBindDN >> >> This is the details of ldapsearch -x -D 'cn=directory manager' -W -b >> 'cn=Replication Manager >> masterAgreement1-lums3.uni.lu-pki-tomcat,ou=csusers,cn=config' >> >> Enter LDAP Password: >> # extended LDIF >> # >> # LDAPv3 >> # base <cn=Replication Manager >> masterAgreement1-lums3.uni.lu-pki-tomcat,ou=csusers,cn=config> with scope >> subtree >> # filter: (objectclass=*) >> # requesting: ALL >> # >> >> # Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat, csusers, >> config >> dn: cn=Replication Manager >> masterAgreement1-lums3.uni.lu-pki-tomcat,ou=csusers >> ,cn=config >> objectClass: top >> objectClass: person >> cn: Replication Manager masterAgreement1-lums3.uni.lu-pki-tomcat >> sn: manager >> userPassword:: **REMOVED** >> = >> >> # search result >> search: 2 >> result: 0 Success >> >> # numResponses: 2 >> # numEntries: 1 >> >> In addition, in slapd error log, i periodically (every 5 mins) see the >> following errors: >> >> [04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace >> (nsslapd-referral, ldap://server1.uni.lu:389/o%3Dipaca) failed. >> [04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace >> (nsslapd-referral, ldap://server1.uni.lu:389/o%3Dipaca) failed. >> [04/Jul/2016:15:47:08 +0000] attrlist_replace - attr_replace >> (nsslapd-referral, ldap://server1.uni.lu:389/o%3Dipaca) failed. >> >> Could anybody help me to clean up the orphaned master replica (that is dead) >> and also tell if these attr_replace errors are related? > > Hello Christophe, > > this is result of not running `ipa-csreplica-manage del` prior running > `ipa-replica-manage del` or `ipa-server-install --uninstall`. > > Solution is described at: > https://www.freeipa.org/page/Troubleshooting#Obsolete_RUV_records > >> >> Thank you for your help in this, >> >> Kind regards, >> >> — >> Christophe >> >> > > > -- > Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
