What level of network connectivity is required between replicas that do not
share a replication agreement?
For years I have been running an IdM environment where there is often limited
connectivity between replicas that do not have replication agreements with each
other, and I don't believe tha
Well, I performed a reinitialization of that server. It continues to use the
new certificates that aren't reflected in the LDAP database, but that doesn't
seem to cause any active problems, and the replication issue was resolved.
I have an IdM replica that stopped sending its replications to the other
replicas in the environment. I want to reinitialize it to hopefully resolve
that replication problem. However, when confirming what data would be lost in
the reinitialization, I noticed that the replica has reissued itself
Actually, I found these other places where the split IPA server continues to be
referenced:
/etc/krb5.conf (kdc, master_kdc, admin_server, and kpasswd_server)
/etc/openldap/ldap.conf (URI)
/etc/chrony.conf (server)
ldap.conf and chrony.conf shouldn't make any difference to identity (or any
othe
Wow, that took me a long time to get to. Sorry to go incommunicado for so long.
I tried your plan and it seemed to work without any hiccup at all. I had an "id
-a user" set to run every 0.2s and not even a single one missed.
It also is definitely enrolled in the non-split part of the cluster. Be
Sorry; I should have been more explicit in my initial post. I'm basically only
concerned with authentication on the client server and minimizing any outage
related to that. The system is running services, but they are independent of
IPA other than that they're running as users that are defined
I have an IdM environment where one of the replicas stopped replicating out. A
number of clients were enrolled into this replica. They are currently working
fine, since they're basically only ever talking to that replica. But I need to
fix that replica, and the only feasible solution at this poi
I've got a bunch of replication errors that I'm trying to resolve with a
re-initialization, but the biggest one right now is that one of my IPA replicas
has inconsistent LDAP attributes and I'm not sure of the best way to proceed.
The inconsistent attributes are:
* ipaUniqueID
* krbPrincipalKey