Hi guys.
for what 'ipa-healthcheck' complains of:
{
"source": "ipahealthcheck.ds.replication",
"check": "ReplicationCheck",
"result": "WARNING",
"uuid": "720d7af6-5a11-486f-a610-f6f06ec4d9e2",
"when": "20230526202306Z",
"duration": "0.054683",
"kw": {
"key": "DSREPLLE0002",
"items": [
"Replication",
"Conflict Entries"
],
"msg": "There were 1 conflict entries found under the
replication suffix \"o=ipaca\"."
}
},
and old trick finds not culprit:
-> $ ldapsearch -LLL -H ldaps://$(hostname) -Y GSSAPI -D
'cn=Directory Manager' -b 'o=ipaca'
'(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))'
nsds5ReplConflict
SASL/GSSAPI authentication started
SASL username: admin@MINE.PRIV
SASL SSF: 256
SASL data security layer installed.
Re-try the same command but without the -Y GSSAPI option (otherwise if you have an admin kerberos ticket, the operation is performed as admin instead of Directory Manager and the ACIs may hide some entries).
HTH,
flo
where is it hiding?
many thanks, L.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue