Re: [Freeipa-users] LDAP Conflicts

On 05/04/2017 10:20 AM, James Harrison wrote: > Hello All, > According to ipa_check_consistency we have "LDAP Conflicts" > (https://github.com/peterpakos/ipa_check_consistency). > > How do I find and resolve them?

Re: [Freeipa-users] 389-console and IPA

and_and_File_Reference/error-logs.html#error-logs-levels HTH, Mark > > Regards, > Josh. > > On 03/29/2017 10:30 AM, Mark Reynolds wrote: >> >> On 03/28/2017 07:48 PM, Josh wrote: >>> Greetings, >>> >>> I wonder if possible to use 389-console with de

Re: [Freeipa-users] 389-console and IPA

On 03/28/2017 07:48 PM, Josh wrote: > Greetings, > > I wonder if possible to use 389-console with default IPA installation > on REHL 7. This should be technically possible, but it has its risks... You would need to install the 389-admin/console packages, then you would have to register your DS

Re: [Freeipa-users] Replication Issues

t; As always, many thanks. > > On Tue, Mar 7, 2017 at 7:40 PM, Mark Reynolds <marey...@redhat.com > <mailto:marey...@redhat.com>> wrote: > > > > > > On 03/07/2017 06:08 PM, Christopher Young wrote: > >> I had attempted to do _just_ a re-initialize on orl

Re: [Freeipa-users] Replication Issues

and then completely > recreate the replicas? > > I appreciate all the responses. I'm still trying to figure out what > options to use for db2ldif, but I'm looking that up to at least try > and look at the DBs. > > Thanks, > > Chris > > On Tue, Mar 7, 2017 at 4:23 PM, Ma

Re: [Freeipa-users] Replication Issues

appreciated as I've been frustrated with > this for a while now. > > -- Chris > > On Tue, Mar 7, 2017 at 8:45 AM, Mark Reynolds <marey...@redhat.com> wrote: >> What version of 389-ds-base are you using? >> >> rpm -qa | grep 389-ds-base >> >> >> c

Re: [Freeipa-users] Replication Issues

What version of 389-ds-base are you using? rpm -qa | grep 389-ds-base comments below.. On 03/06/2017 02:37 PM, Christopher Young wrote: > I've seen similar posts, but in the interest of asking fresh and > trying to understand what is going on, I thought I would ask for > advice on how best to

Re: [Freeipa-users] ns-slapd segfault

On 11/28/2016 10:22 AM, Giulio Casella wrote: > Il 28/11/2016 15:25, Lukas Slebodnik ha scritto: >> On (28/11/16 12:39), Giulio Casella wrote: >>> Hello, >>> >>> I have a setup with two ipa server in replica, based on CentOS 7. >>> On one server (since a couple of days) ipa cannot start, the

Re: [Freeipa-users] CSN not found

On 11/03/2016 12:49 PM, lejeczek wrote: > > > On 03/11/16 14:16, Mark Reynolds wrote: >> >> On 11/03/2016 09:42 AM, lejeczek wrote: >>> hi everybody >>> >>> my three IPAs have gone haywire, two things I recall: one - one server >>> was on

Re: [Freeipa-users] CSN not found

On 11/03/2016 09:42 AM, lejeczek wrote: > hi everybody > > my three IPAs have gone haywire, two things I recall: one - one server > was on ScientificL with slightly lower minor version of IPA, two - > another server (of the two identical CEntOSes) had skewed time. > Not all there servers are in

Re: [Freeipa-users] cleanallruv - no replica's :(

On 09/30/2016 04:41 PM, Matt Wells wrote: > Hey all I hoped anyone may be able to assist. I had 2 dead replica's > and use the cleanallruv.pl as they refused to > leave otherwise. > ` /usr/sbin/cleanallruv.pl -v -D "cn=directory > manager" -w -

Re: [Freeipa-users] Replication scheme problem

On 09/01/2016 06:13 AM, Andrey Rogovsky wrote: > Hi! > I have 2 servers - ldap1 is FreeIPA (master) and ldap2 is 389 DS (slave). > One way replication ldap1 -> ldap2 is enabled but scheme is not > replicated: What version of 389-ds-base are you using? rpm -qa | grep 389-ds-base > > Log file

Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

Hi Andrey, It looks like you still did not create the replication manager entry. You must create that manager entry on the standalone server. Please read the link I sent you:

Re: [Freeipa-users] Command-line replication is not works in FreeIPA-Master

On 08/31/2016 09:50 AM, Andrey Rogovsky wrote: > Hi! > > I try configure manual replica from FreeIPA DS to 389 DS. > I have two VM: ldap1.example.com and > ldap2.example.com > I was used this > manual >

Re: [Freeipa-users] Cleaning Up an Unholy Mess

On 08/29/2016 12:48 PM, Ian Harding wrote: > > On 08/25/2016 03:10 PM, Mark Reynolds wrote: >> >> On 08/25/2016 02:04 PM, Ian Harding wrote: >>> On 08/25/2016 10:41 AM, Rob Crittenden wrote: >>>> Ian Harding wrote: >>>>> On 08/24/2016 06

Re: [Freeipa-users] Cleaning Up an Unholy Mess

On 08/25/2016 02:04 PM, Ian Harding wrote: > > On 08/25/2016 10:41 AM, Rob Crittenden wrote: >> Ian Harding wrote: >>> >>> On 08/24/2016 06:33 PM, Rob Crittenden wrote: Ian Harding wrote: > I tried to simply uninstall and reinstall freeipa-dal and this > happened. > > It

Re: [Freeipa-users] clean-ruv

On 08/23/2016 05:52 AM, Ian Harding wrote: > Ah. I see. I mixed those up but I see that those would have to be > consistent. > > However, I have been trying to beat some invalid RUV to death for a long > time and I can't seem to kill them. > > For example, bellevuenfs has 9 and 16 which are

Re: [Freeipa-users] Freeipa replication issue

On 07/14/2016 10:10 AM, Stefan Uygur wrote: > Hi Alexander, > Thanks for a quick reply first of all and to be honest actually I have tried > that link too, it didn't work either. > > This is my ipa version: ipa-server-3.0.0-47.el6_7.2.x86_64 and the system is > RHEL 6 > > When I reproduce the

Re: [Freeipa-users] nsds5ReplConflict / Replication issue!

On 05/06/2016 03:29 PM, Devin Acosta wrote: I am running the latest FreeIPA on CentOS 7.2. I noticed I had a “nsds5ReplConflict” with an item, i tried to follow the webpage to rename and delete but that failed. Is this the page you looked at:

Re: [Freeipa-users] Replication failing on FreeIPA 4.2.0 plus ldapmodify freezes up

On 01/12/2016 06:16 PM, Nathan Peters wrote: [12/Jan/2016:23:11:23 +] NSMMReplicationPlugin - agmt="cn=meTodc1-ipa-dev-nvan.mydomain.net" (dc1-ipa-dev-nvan:389): replay_update: Sending modify operation

Re: [Freeipa-users] clean-ruv : How Long?

Hi Janelle, It's really hard to say how long it might take. I know if the replicas are under heavy replication load it can take while to complete. Either way it should not take long to complete(a few hours max) - as long as all the replicas are online. There is very good logging for

Re: [Freeipa-users] Cleanly removing replication agreement

On 10/14/2015 04:55 AM, Dominik Korittki wrote: [11/Oct/2015:17:17:53 +0200] NSMMReplicationPlugin - agmt="cn=meToipa01.internal" (ipa01:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code

Re: [Freeipa-users] re-initialize replica

On 10/06/2015 01:13 PM, Andrew E. Bruno wrote: On Tue, Oct 06, 2015 at 12:53:04PM -0400, Mark Reynolds wrote: On 10/06/2015 10:30 AM, Andrew E. Bruno wrote: On Tue, Oct 06, 2015 at 10:22:44AM -0400, Rob Crittenden wrote: Andrew E. Bruno wrote: On Tue, Oct 06, 2015 at 09:35:08AM -0400, Rob

Re: [Freeipa-users] re-initialize replica

On 10/06/2015 10:30 AM, Andrew E. Bruno wrote: On Tue, Oct 06, 2015 at 10:22:44AM -0400, Rob Crittenden wrote: Andrew E. Bruno wrote: On Tue, Oct 06, 2015 at 09:35:08AM -0400, Rob Crittenden wrote: Andrew E. Bruno wrote: The replica is not showing up when running ipa-replica-manage list.

Re: [Freeipa-users] ruv issue?

On 06/23/2015 01:44 PM, Marc Wiatrowski wrote: So I have 3 servers, spider01a, spider01b, and spider01o [root@spider01a]$ ipa-replica-manage list-ruv Directory Manager password: spider01a.iglass.net:389 http://spider01a.iglass.net:389: 12 spider01o.iglass.net:389

Re: [Freeipa-users] replication again :-(

On 05/21/2015 09:15 AM, Ludwig Krispenz wrote: On 05/21/2015 03:04 PM, Janelle wrote: On 5/21/15 5:49 AM, Rich Megginson wrote: On 05/21/2015 06:25 AM, Janelle wrote: On 5/21/15 5:20 AM, thierry bordaz wrote: Hello Janelle, Those 3 RIDs were already present in Node dc2-ipa1, correct ?

Re: [Freeipa-users] replication again :-(

On 05/21/2015 09:59 AM, Janelle wrote: On 5/21/15 6:46 AM, Ludwig Krispenz wrote: On 05/21/2015 03:28 PM, Janelle wrote: I think I found the problem. There was a lone replica running in another DC. It was installed as a replica some time ago with all the others. Think of this -- the

Re: [Freeipa-users] replication again :-(

On 05/20/2015 10:17 AM, thierry bordaz wrote: On 05/20/2015 03:46 PM, Janelle wrote: On 5/20/15 6:01 AM, thierry bordaz wrote: On 05/20/2015 02:57 AM, Janelle wrote: On 5/19/15 12:04 AM, thierry bordaz wrote: On 05/19/2015 03:42 AM, Janelle wrote: On 5/18/15 6:23 PM, Janelle wrote: Once

Re: [Freeipa-users] IPA RUV unable to decode

On 05/05/2015 07:49 AM, Ludwig Krispenz wrote: On 05/05/2015 01:27 PM, Martin Kosek wrote: On 05/05/2015 12:38 PM, Vaclav Adamec wrote: Hi, I tried migrate to newest version IPA, but result is quite unstable and removing old replicas ends with RUV which cannot be decoded (it stucked in

Re: [Freeipa-users] Unexpected IPA Crashes

In regards to the hangs in the Directory Server that were observed, it seems related thread 15 that is polling waiting for something to come through the pipe which never happens. The default poll timeout is 180(or 30 minutes!). Reducing this timeout should resolve the hang. Example: #

Re: [Freeipa-users] Replication issue

/freeipa-users -- Mark Reynolds 389 Development Team Red Hat, Inc mreyno...@redhat.com ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Transfer user database to FreeIPA LDAP

-- Mark Reynolds Senior Software Engineer Red Hat, Inc mreyno...@redhat.com ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

[Freeipa-users] regarding: backup/restore IPA servers with db2ldap.pl, ldap2db.pl

David, I can not reproduce this issue. This is what I've done using just 389 DS: [1] Create two instances: master and dedicated consumer [2] Setup replication and initialize consumer [3] Create 4 users on the master: a, b, c, d [4] do a db2ldif -r on the consumer [5] On master: delete 'c' [6]