ldapsearch -D "cn=directory manager" -W -b ""cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" -s one 'objectclass=*' nscpentrywsiBest regards
ldapsearch -D "cn=directory manager" -W -b ""cn=oxygen.eggvfx.ie <http://oxygen.eggvfx.ie>,cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" -s base 'objectclass=*' nscpentrywsi
Thank you Rob!I can confirm that when i try to even view the server from the UI the same error message appears (server not found) in a dialog box, so wherever the UI is querying from, it originates from the same place. I would also like to mention that while i was trying to remove the topology segments from oxygen to nitrogen there is another error that appears. I don't know how to remove a segment in the CLI (i tried and couldn't figure it out) but the output from the web UI is attached below. I believe this is normal behaviour if the server were active.
IPA Error 4203: DatabaseErrorServer is unwilling to perform: Removal of Segment disconnects topology.Deletion not allowed.
I've attached images explaining what i mean.I hope this helps you and Thierry!
Many Thanks,Jamal
Jamal Mahmoud / Pipeline TD
jamal.mahmoud@egg.ie35 Fitzwilliam Street Upper, Dublin.
P: +353 1 6345440
On 13 February 2018 at 21:14, Rob Crittenden <rcritten@redhat.com> wrote:
Jamal Mahmoud via FreeIPA-users wrote:
> Hi Rob,
>
> I've isolated the output on lithium when i ran
> ipa-replica-manage del oxygen.eggvfx.ie <http://oxygen.eggvfx.ie>
> --force --cleanup
> It's quite heavy still but here it is
This is helpful. It shows that oxygen is being looked for in the IPA
masters location, cn=masters and is returning err=32, not found.
What I don't know is why or where this query is coming from.
There are several queries that look like they might originate in the
389-ds topology plugin but I couldn't find where and I'm not familiar
with it in general. Queries like:
SRCH base="cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" scope=1 I'm not entirely sure when you invoke ipa-replica-manage if it is
filter="(objectClass=top)" attrs="ipaMaxDomainLevel cn ipaMinDomainLevel
ipaReplTopoManagedSuffix ipaLocation ipaServiceWeight"
calling the topology plugin under the hood or not. It almost certainly
is when you use the UI.
I'm cc'ing someone who knows this better.
rob
>
> [13/Feb/2018:09:14:45.823204160 +0000] conn=192207 fd=155 slot=155 SSL > <mailto:EGGVFX.IE@EGGVFX.IE>)(
> connection from 192.168.94.4 to 192.168.94.4
> [13/Feb/2018:09:14:46.027998523 +0000] conn=192207 TLS1.2 256-bit AES-GCM
> [13/Feb/2018:09:14:46.031226897 +0000] conn=45 op=31409 SRCH
> base="dc=eggvfx,dc=ie" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass= krbprincipal)(objectClass= ipakrbprincipal))(|( ipaKrbPrincipalAlias=krbtgt/EG GVFX.IE@EGGVFX.IE
krbPrincipalName: caseIgnoreIA5Match:=krbtgt/EGG VFX.IE@EGGVFX.IE
> <mailto:EGGVFX.IE@EGGVFX.IE>)))" attrs="krbPrincipalName
> krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences
> krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
> passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink
> objectClass"
> [13/Feb/2018:09:14:46.031713683 +0000] conn=45 op=31409 RESULT err=0 > <mailto:lithium.eggvfx.ie@
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:46.032193288 +0000] conn=45 op=31410 SRCH
> base="dc=eggvfx,dc=ie" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass= krbprincipal)(objectClass= ipakrbprincipal))(|( ipaKrbPrincipalAlias=ldap/lith ium.eggvfx.ie@EGGVFX.IE
EGGVFX.IE >)(krbPrincipalName:caseIgnoreIA5Match:=ldap/lithi um.eggvfx.ie@EGGVFX.IE
> <mailto:lithium.eggvfx.ie@EGGVFX.IE >)))" attrs="krbPrincipalName
> krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences
> krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
> passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink
> objectClass"
> [13/Feb/2018:09:14:46.032529772 +0000] conn=45 op=31410 RESULT err=0 > base="cn=EGGVFX.IE <http://EGGVFX.IE>,cn=
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:46.032696842 +0000] conn=45 op=31411 SRCH
kerberos,dc=eggvfx,dc=ie"
> scope=0 filter="(objectClass=krbticketpolicyaux)" > <mailto:admin@EGGVFX.IE>))" attrs="krbPrincipalName krbCanonicalName
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [13/Feb/2018:09:14:46.032904807 +0000] conn=45 op=31411 RESULT err=0
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:46.033085928 +0000] conn=45 op=31412 SRCH
> base="dc=eggvfx,dc=ie" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass= krbprincipal))( krbPrincipalName=admin@EGGVFX. IE
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences
> krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
> passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink
> objectClass"
> [13/Feb/2018:09:14:46.033377257 +0000] conn=45 op=31412 RESULT err=0 > base="cn=EGGVFX.IE <http://EGGVFX.IE>,cn=
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:46.033555617 +0000] conn=45 op=31413 SRCH
kerberos,dc=eggvfx,dc=ie"
> <http://nitrogen.eggvfx.ie>,> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [13/Feb/2018:09:14:46.033714662 +0000] conn=45 op=31413 RESULT err=0
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:46.034731567 +0000] conn=192207 op=0 BIND dn=""
> method=sasl version=3 mech=GSSAPI
> [13/Feb/2018:09:14:46.776688499 +0000] conn=192207 op=0 RESULT err=14
> tag=97 nentries=0 etime=1, SASL bind in progress
> [13/Feb/2018:09:14:46.777340050 +0000] conn=192207 op=1 BIND dn=""
> method=sasl version=3 mech=GSSAPI
> [13/Feb/2018:09:14:46.779800986 +0000] conn=192207 op=1 RESULT err=14
> tag=97 nentries=0 etime=0, SASL bind in progress
> [13/Feb/2018:09:14:46.780131803 +0000] conn=192207 op=2 BIND dn=""
> method=sasl version=3 mech=GSSAPI
> [13/Feb/2018:09:14:46.781745436 +0000] conn=192207 op=2 RESULT err=0
> tag=97 nentries=0 etime=0
> dn="uid=admin,cn=users,cn=accounts,dc=eggvfx,dc=ie"
> [13/Feb/2018:09:14:46.782496366 +0000] conn=192207 op=3 SRCH
> base="cn=mapping tree,cn=config" scope=2
> filter="(|(&(objectClass=nsds5ReplicationAgreement)( nsDS5ReplicaRoot=dc=eggvfx,dc= ie))(objectClass= nsDSWindowsReplicationAgreemen t))"
> attrs=ALL
> [13/Feb/2018:09:14:46.784970100 +0000] conn=192207 op=3 RESULT err=0
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:46.786072700 +0000] conn=192207 op=4 SRCH
> base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes
> objectClasses"
> [13/Feb/2018:09:14:46.992758156 +0000] conn=192207 op=4 RESULT err=0
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:47.274654147 +0000] conn=192208 fd=156 slot=156
> connection from local to /var/run/slapd-EGGVFX-IE.socket
> [13/Feb/2018:09:14:47.275257858 +0000] conn=192208 AUTOBIND
> dn="cn=Directory Manager"
> [13/Feb/2018:09:14:47.275266840 +0000] conn=192208 op=0 BIND
> dn="cn=Directory Manager" method=sasl version=3 mech=EXTERNAL
> [13/Feb/2018:09:14:47.275307838 +0000] conn=192208 op=0 RESULT err=0
> tag=97 nentries=0 etime=0 dn="cn=Directory Manager"
> [13/Feb/2018:09:14:47.286719997 +0000] conn=192208 op=1 SRCH
> base="cn=Domain Level,cn=ipa,cn=etc,dc=eggvfx,dc=ie" scope=0
> filter="(objectClass=*)" attrs="ipaDomainLevel"
> [13/Feb/2018:09:14:47.286848507 +0000] conn=192208 op=1 RESULT err=0
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:47.287228472 +0000] conn=192208 op=2 SRCH
> base="cn=schema" scope=0 filter="(objectClass=*)" attrs="attributeTypes
> objectClasses"
> [13/Feb/2018:09:14:47.464093684 +0000] conn=192208 op=2 RESULT err=0
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:47.828827335 +0000] conn=192208 op=3 SRCH
> base="cn=masters,cn=ipa,cn=etc,dc=eggvfx,dc=ie" scope=1
> filter="(objectClass=top)" attrs="ipaMaxDomainLevel cn ipaMinDomainLevel
> ipaReplTopoManagedSuffix ipaLocation ipaServiceWeight"
> [13/Feb/2018:09:14:47.829400972 +0000] conn=192208 op=3 RESULT err=0
> tag=101 nentries=3 etime=0
> [13/Feb/2018:09:14:47.834510410 +0000] conn=192208 op=4 SRCH
> base="cn=topology,cn=ipa,cn=etc,dc=eggvfx,dc=ie" scope=1
> filter="(objectClass=iparepltopoconf)" attrs="* cn ipaReplTopoConfRoot aci"
> [13/Feb/2018:09:14:47.834813555 +0000] conn=192208 op=4 RESULT err=0
> tag=101 nentries=2 etime=0
> [13/Feb/2018:09:14:47.845769945 +0000] conn=192208 op=5 SRCH
> base="cn=nitrogen.eggvfx.ie
cn=masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=0 filter="(objectClass=*)" attrs=""
> [13/Feb/2018:09:14:47.845875163 +0000] conn=192208 op=5 RESULT err=0 > <http://nitrogen.eggvfx.ie>,
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:47.846499455 +0000] conn=192208 op=6 SRCH
> base="cn=nitrogen.eggvfx.ie
cn=masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=2 filter="(cn=CA)" attrs="ipaConfigString cn"
> [13/Feb/2018:09:14:47.846716314 +0000] conn=192208 op=6 RESULT err=0 > <http://nitrogen.eggvfx.ie>,
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:47.847775298 +0000] conn=192208 op=7 SRCH
> base="cn=nitrogen.eggvfx.ie
cn=masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=2 filter="(|(cn=HTTP)(cn=KDC)(cn=KPASSWD))" attrs="ipaConfigString cn" > <http://nitrogen.eggvfx.ie>,
> [13/Feb/2018:09:14:47.848157025 +0000] conn=192208 op=7 RESULT err=0
> tag=101 nentries=3 etime=0
> [13/Feb/2018:09:14:47.850013297 +0000] conn=192208 op=8 SRCH
> base="cn=nitrogen.eggvfx.ie
cn=masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=2 filter="(|(cn=DNS)(cn=DNSKeySync))" attrs="ipaConfigString cn" > <http://nitrogen.eggvfx.ie>,
> [13/Feb/2018:09:14:47.850305924 +0000] conn=192208 op=8 RESULT err=0
> tag=101 nentries=2 etime=0
> [13/Feb/2018:09:14:47.851655036 +0000] conn=192208 op=9 SRCH
> base="cn=nitrogen.eggvfx.ie
cn=masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=2 filter="(cn=NTP)" attrs="ipaConfigString cn"
> [13/Feb/2018:09:14:47.851833457 +0000] conn=192208 op=9 RESULT err=0 > <http://nitrogen.eggvfx.ie>))" attrs="* aci"
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:47.852812885 +0000] conn=192208 op=10 SRCH
> base="cn=computers,cn=accounts,dc=eggvfx,dc=ie" scope=2
> filter="(&(memberOf=cn=adtrust
> agents,cn=sysaccounts,cn=etc,dc=eggvfx,dc=ie)(fqdn=nitrogen .eggvfx.ie
> [13/Feb/2018:09:14:47.853031311 +0000] conn=192208 op=10 RESULT err=0 > <http://nitrogen.eggvfx.ie>,
> tag=101 nentries=0 etime=0
> [13/Feb/2018:09:14:47.853536363 +0000] conn=192208 op=11 SRCH
> base="cn=nitrogen.eggvfx.ie
cn=masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=2 filter="(cn=KRA)" attrs="ipaConfigString cn"
> [13/Feb/2018:09:14:47.853649454 +0000] conn=192208 op=11 RESULT err=0 > <http://nitrogen.eggvfx.ie>,
> tag=101 nentries=0 etime=0
> [13/Feb/2018:09:14:47.854114915 +0000] conn=192208 op=12 SRCH
> base="cn=nitrogen.eggvfx.ie
cn=masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=2 filter="(cn=ADTRUST)" attrs="ipaConfigString cn"
> [13/Feb/2018:09:14:47.854224953 +0000] conn=192208 op=12 RESULT err=0 > <http://lithium.eggvfx.ie>,cn=
> tag=101 nentries=0 etime=0
> [13/Feb/2018:09:14:47.855353962 +0000] conn=192208 op=13 SRCH
> base="cn=lithium.eggvfx.ie
masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=0 filter="(objectClass=*)" attrs=""
> [13/Feb/2018:09:14:47.855449266 +0000] conn=192208 op=13 RESULT err=0 > <http://lithium.eggvfx.ie>,cn=
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:47.855936058 +0000] conn=192208 op=14 SRCH
> base="cn=lithium.eggvfx.ie
masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=2 filter="(cn=CA)" attrs="ipaConfigString cn"
> [13/Feb/2018:09:14:47.856125343 +0000] conn=192208 op=14 RESULT err=0 > <http://lithium.eggvfx.ie>,cn=
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:47.857152859 +0000] conn=192208 op=15 SRCH
> base="cn=lithium.eggvfx.ie
masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=2 filter="(|(cn=HTTP)(cn=KDC)(cn=KPASSWD))" attrs="ipaConfigString cn" > <http://lithium.eggvfx.ie>,cn=
> [13/Feb/2018:09:14:47.857517597 +0000] conn=192208 op=15 RESULT err=0
> tag=101 nentries=3 etime=0
> [13/Feb/2018:09:14:47.859268273 +0000] conn=192208 op=16 SRCH
> base="cn=lithium.eggvfx.ie
masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=2 filter="(|(cn=DNS)(cn=DNSKeySync))" attrs="ipaConfigString cn" > <http://lithium.eggvfx.ie>,cn=
> [13/Feb/2018:09:14:47.859490110 +0000] conn=192208 op=16 RESULT err=0
> tag=101 nentries=2 etime=0
> [13/Feb/2018:09:14:47.860775424 +0000] conn=192208 op=17 SRCH
> base="cn=lithium.eggvfx.ie
masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=2 filter="(cn=NTP)" attrs="ipaConfigString cn"
> [13/Feb/2018:09:14:47.860938889 +0000] conn=192208 op=17 RESULT err=0 > <http://lithium.eggvfx.ie>))" attrs="* aci"
> tag=101 nentries=1 etime=0
> [13/Feb/2018:09:14:47.861949875 +0000] conn=192208 op=18 SRCH
> base="cn=computers,cn=accounts,dc=eggvfx,dc=ie" scope=2
> filter="(&(memberOf=cn=adtrust
> agents,cn=sysaccounts,cn=etc,dc=eggvfx,dc=ie)(fqdn=lithium. eggvfx.ie
> [13/Feb/2018:09:14:47.862121230 +0000] conn=192208 op=18 RESULT err=0 > <http://lithium.eggvfx.ie>,cn=
> tag=101 nentries=0 etime=0
> [13/Feb/2018:09:14:47.862930080 +0000] conn=192208 op=19 SRCH
> base="cn=lithium.eggvfx.ie
masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=2 filter="(cn=KRA)" attrs="ipaConfigString cn"
> [13/Feb/2018:09:14:47.863048094 +0000] conn=192208 op=19 RESULT err=0 > <http://lithium.eggvfx.ie>,cn=
> tag=101 nentries=0 etime=0
> [13/Feb/2018:09:14:47.863563059 +0000] conn=192208 op=20 SRCH
> base="cn=lithium.eggvfx.ie
masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=2 filter="(cn=ADTRUST)" attrs="ipaConfigString cn"
> [13/Feb/2018:09:14:47.863674190 +0000] conn=192208 op=20 RESULT err=0 > <http://oxygen.eggvfx.ie>,cn=
> tag=101 nentries=0 etime=0
> [13/Feb/2018:09:14:47.864790724 +0000] conn=192208 op=21 SRCH
> base="cn=oxygen.eggvfx.ie
masters,cn=ipa,cn=etc,dc= eggvfx,dc=ie"
> scope=0 filter="(objectClass=*)" attrs=""
> [13/Feb/2018:09:14:47.864996898 +0000] conn=192208 op=21 RESULT err=32 > <http://www.egg.ie/>
> tag=101 nentries=0 etime=0
> [13/Feb/2018:09:14:47.918001361 +0000] conn=192207 op=5 UNBIND
> [13/Feb/2018:09:14:47.918035786 +0000] conn=192207 op=5 fd=155 closed - U1
> [13/Feb/2018:09:14:47.922593141 +0000] conn=192208 op=22 UNBIND
> [13/Feb/2018:09:14:47.922617042 +0000] conn=192208 op=22 fd=156 closed - U1
>
> For verbosity's sake i haven't done this on nitrogen also, unless it is
> required, if so let me know! I've also attached an image of the output
> from the command itself to show you the seemingly useless error message.
> Thanks again,
> Jamal Mahmoud
>
>
>
>
> *Jamal Mahmoud* / Pipeline TD
> jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>
>
> 35 Fitzwilliam Street Upper, Dublin.
> P: +353 1 6345440
>
> Twitter <https://twitter.com/EggPost>
> <https://www.facebook.com/egg.post/ > LinkedIn
> <http://www.linkedin.com/in/jamalmahmoud > Vimeo
> <https://vimeo.com/user9887735>
>
>
> <http://oxygen.eggvfx.ie>: server not found> <mailto:rcritten@redhat.com>> wrote:
>
> Jamal Mahmoud wrote:
> > Sure thing,
> > Output on* lithium*:
> >
> > [root@lithium ~]# ipa-replica-manage del oxygen.eggvfx.ie <http://oxygen.eggvfx.ie>
> > <http://oxygen.eggvfx.ie> --force --cleanup
> > oxygen.eggvfx.ie <http://oxygen.eggvfx.ie>
> <http://oxygen.eggvfx.ie>: server not found
>
> What is baffling me the most is that the string 'server not found' is
> not to be found in the IPA source. I can't tell where that is being
> generated.
>
> Can you provide a snippet of the 389-ds access log when you request the
> deletion? That is in /var/log/dirsrv/slapd-REALM/access
>
> Note that the log is write buffered so the content may not appear
> immediately.
>
> Seeing the queries being made and what the responses/errors are might
> give me some ideas.
>
> rob
>
> >
> >
> > [root@lithium ~]# ipa domainlevel-get
> > -----------------------
> > Current domain level: 1
> > -----------------------
> >
> >
> > Output on *nitrogen*:
> >
> > [root@nitrogen ~]# ipa-replica-manage del oxygen.eggvfx.ie <http://oxygen.eggvfx.ie>
> > <http://oxygen.eggvfx.ie> --force --cleanup
> > oxygen.eggvfx.ie <http://oxygen.eggvfx.ie>
> >
> >
> > [root@nitrogen ~]# ipa domainlevel-get
> > -----------------------
> > Current domain level: 1
> > -----------------------
> >
> > I hope this helps,
> >
> > Jamal
> >
> > <http://www.egg.ie/>
> >
> >
> >
> > *Jamal Mahmoud* / Pipeline TD
> > jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>
> <mailto:jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>>
> >
> > 35 Fitzwilliam Street Upper, Dublin.
> > P: +353 1 6345440 <tel:%2B353%201%206345440>
> >
> > Twitter <https://twitter.com/EggPost>
> > <https://www.facebook.com/egg.post/
> <https://www.facebook.com/egg.post/ >> LinkedIn
> > <http://www.linkedin.com/in/jamalmahmoud
> <http://www.linkedin.com/in/jamalmahmoud >> Vimeo
> > <https://vimeo.com/user9887735>
> >
> >
> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> wrote:
> >
> > Jamal Mahmoud via FreeIPA-users wrote:
> > > <https://vimeo.com/> > > Hi Rob,
> > >
> > > Just wondering if you had time to look at this issue for me? Still stuck
> > > in a state of limbo with this IDM and i have run out of options. Any
> > > help in resolving this issue would be appreciated.
> >
> > A few more questions.
> >
> > What is the output of: ipa domainlevel-get
> >
> > Can you show the full output of ipa-replica-manage del oxygen... --force
> > --cleanup
> >
> > And on what master are you running that?
> >
> > rob
> >
> > >
> > > Many Thanks,
> > > Jamal
> > >
> > >
> > > On 1 February 2018 at 17:04, Jamal Mahmoud <jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>
> <mailto:jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>>
> > > <mailto:jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>
> <mailto:jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>>>> wrote:
> > >
> > > Sorry about the lack of clarification Rob!
> > >
> > > I have 3 servers, all running CentOS 7.4, FreeIPA
> version 4.5.0. the
> > > hostnames are lithium, nitrogen and the recently
> deceased oxygen.
> > > all are masters under the same Realm which is EGGVFX.IE
> <http://EGGVFX.IE> <http://EGGVFX.IE>
> > > <http://EGGVFX.IE>
> > >
> > > The "server not found" error is exactly what shows when
> i try to
> > > delete the server from command line or the Web UI.
> > >
> > > When i run ipa-replica-manage list -v `hostname` this is
> the output
> > > from the servers:
> > >
> > > Lithium Output:
> > > root@lithium# ipa-replica-manage list -v `hostname`
> > > nitrogen.eggvfx.ie <http://nitrogen.eggvfx.ie>
> <http://nitrogen.eggvfx.ie>
> > <http://nitrogen.eggvfx.ie>: replica
> > > last init status: 0 Total update succeeded
> > > last init ended: 2018-02-01 10:51:14+00:00
> > > last update status: Error (0) Replica acquired
> successfully:
> > > Incremental update succeeded
> > > last update ended: 2018-02-01 16:24:37+00:00
> > >
> > > Nitrogen Output:
> > > root@nitrogen# ipa-replica-manage list -v `hostname`
> > > lithium.eggvfx.ie <http://lithium.eggvfx.ie>
> <http://lithium.eggvfx.ie>
> > <http://lithium.eggvfx.ie>: replica
> > > last init status: None
> > > last init ended: 1970-01-01 00:00:00+00:00
> > > last update status: Error (0) Replica acquired
> successfully:
> > > Incremental update succeeded
> > > last update ended: 2018-02-01 10:48:18+00:00
> > > oxygen.eggvfx.ie <http://oxygen.eggvfx.ie>
> <http://oxygen.eggvfx.ie>
> > <http://oxygen.eggvfx.ie>: replica
> > > last init status: None
> > > last init ended: 1970-01-01 00:00:00+00:00
> > > last update status: Error (-1) Problem connecting to
> replica -
> > > LDAP error: Can't contact LDAP server (connection error)
> > > last update ended: 1970-01-01 00:00:00+00:00
> > >
> > > There is no entries for oxygen in host-find. I hope this
> helps clear
> > > the story a bit for you.
> > >
> > > <http://www.egg.ie/>
> > >
> > >
> > >
> > > *Jamal Mahmoud* / Pipeline TD
> > > jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>
> <mailto:jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>>
> > <mailto:jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>
> <mailto:jamal.mahmoud@egg.ie <mailto:jamal.mahmoud@egg.ie>>>
> > >
> > > 35 Fitzwilliam Street Upper, Dublin.
> > > P: +353 1 6345440 <tel:%2B353%201%206345440>
> <tel:%2B353%201%206345440>
> > <tel:+353%201%20634%205440>
> > >
> > > Twitter <https://twitter.com/EggPost>
> > > <https://www.facebook.com/egg.post/ <https://www.facebook.com/egg.post/ >
> > <https://www.facebook.com/egg.post/
> <https://www.facebook.com/egg.post/ >>> LinkedIn
> > > <http://www.linkedin.com/in/jamalmahmoud
> <http://www.linkedin.com/in/jamalmahmoud >
> > <http://www.linkedin.com/in/jamalmahmoud
> <http://www.linkedin.com/in/jamalmahmoud >>> Vimeo
user9887735 <https://vimeo.com/user9887735>>
> > >
> > >
> > > On 1 February 2018 at 15:30, Rob Crittenden <rcritten@redhat.com <mailto:rcritten@redhat.com>
> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>
> > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>
> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>> wrote:
> > >
> > > Jamal Mahmoud via FreeIPA-users wrote:
> > > > I'm having strange issues with removing one of my
> > freeIPA masters, I
> > > > managed to mess up the deletion process and my system
> > seems to be stuck
> > > > in a state of limbo, my current setup is 3 servers ( 1
> > has been
> > > > decommissioned) that all share the CA/Domain
> > responsibilities. When i
> > > > run the command .>
> > > > *ipa-replica-manage list*
> > > > *
> > > > *it produces 3 servers as active masters, when
> this is not
> > > true as i
> > > > have uninstalled ipa-server on one. Trying to
> delete it
> > through that
> > > > command has given me no luck, even using *--force* and
> > > *--cleanup* does
> > > > not work. the same error output appears:
> > > >
> > > > *oxygen.eggvfx.ie <http://oxygen.eggvfx.ie>
> <http://oxygen.eggvfx.ie>
> > <http://oxygen.eggvfx.ie>
> > > <http://oxygen.eggvfx.ie>: server not found*
> > >
> > > I think we need more information. What version of IPA is
> > this, what
> > > distribution?
> > >
> > > Is the above error the exact error you are getting?
> > >
> > > As I understand it you ran ipa-server-install
> --uninstall and
> > > THEN tried
> > > to delete the master?
> > >
> > > What does ipa-replica-manage list -v `hostname` show
> on one of
> > > the other
> > > masters?
> > >
> > > > *
> > > > *
> > > > I'm not very good with ldap tools but after running
> > > >
> > > > *ldapsearch -x *
> > > > *
> > > > *there is a reference to the oxygen server still
> sitting in
> > > there, it
> > > > seems that the dirty entry is still hanging around my
> > system, i'm
> > > > wondering if there is any way to resolve this?
> > > >
> > > > ldapsearch output:
> > > > *defaultServerList: oxygen.eggvfx.ie
> <http://oxygen.eggvfx.ie>
> > <http://oxygen.eggvfx.ie> <http://oxygen.eggvfx.ie>
> > > <http://oxygen.eggvfx.ie>
> > > > nitrogen.eggvfx.ie <http://nitrogen.eggvfx.ie>
> <http://nitrogen.eggvfx.ie>
> > <http://nitrogen.eggvfx.ie>
> > > <http://nitrogen.eggvfx.ie> lithium.eggvfx.ie
> <http://lithium.eggvfx.ie>
> > <http://lithium.eggvfx.ie>
> > > <http://lithium.eggvfx.ie>
> > > > <http://lithium.eggvfx.ie>*
> > >
> > > An anonymous LDAP search won't show much.
> > >
> > > Does it show up in host-find?
> > >
> > > rob
> > >
> > > > *
> > > > Looking at the topology graph in the web ui i can see
> > that there are
> > > > still ties between one of my servers and oxygen.
> It will
> > also not allow
> > > > me to delete the server ties ( error: *Server is
> > unwilling to
> > > perform:
> > > > Removal of Segment disconnects topology.Deletion not
> > > allowed.)* nor will
> > > > the ui allow me to delete the IPA server
> > (*oxygen.eggvfx.ie <http://oxygen.eggvfx.ie>
> <http://oxygen.eggvfx.ie>
> > > <http://oxygen.eggvfx.ie>
> > > > <http://oxygen.eggvfx.ie>: server not found*)
> > > >
> > > > Any help is greatly appreciated,
> > > >
> > > > Many Thanks,
> > > > Jamal Mahmoud
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > FreeIPA-users mailing list --
> > > freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org >
> > <mailto:freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org >>
> > > <mailto:freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org >
> > <mailto:freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org >>>
> > > > To unsubscribe send an email to
> > > freeipa-users-leave@lists.fedorahosted.org
> <mailto:freeipa-users-leave@lists.fedorahosted.org >
> > <mailto:freeipa-users-leave@lists.fedorahosted.org
> <mailto:freeipa-users-leave@lists.fedorahosted.org >>
> > > <mailto:freeipa-users-leave@lists.fedorahosted.org
> <mailto:freeipa-users-leave@lists.fedorahosted.org >
> > <mailto:freeipa-users-leave@lists.fedorahosted.org
> <mailto:freeipa-users-leave@lists.fedorahosted.org >>>
> > > >
> > >
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > FreeIPA-users mailing list --
> freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org >
> > <mailto:freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org >>
> > > To unsubscribe send an email to
> > freeipa-users-leave@lists.fedorahosted.org
> <mailto:freeipa-users-leave@lists.fedorahosted.org >
> > <mailto:freeipa-users-leave@lists.fedorahosted.org
> <mailto:freeipa-users-leave@lists.fedorahosted.org >>
> > >
> >
> >
>
>
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
>