Hi Chris,
Apologies for the late reply.
You can try ldapsearch this way after generating a kerberos tgt and
setting basedn properly
(e.g. like basedn='dc=example,dc=com')
$ ldapsearch -Y GSSAPI -b cn=topology,cn=ipa,cn=etc,$basedn
This should show iparepltoposegment objects and topology-related information.
If all else fails and you need to see how objects are build into the
ldap tree you may dump the tree:
$ ldapsearch -Y GSSAPI -b $basedn
And search for objects still referencing your old host.
Cheers
François
On Sat, Jun 22, 2019 at 11:52 AM Christian Reiss via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
>
> Hello François,
>
> Thanks for replying.
> I did notice in some post from 2015 about ldap with some rudimentary
> ldap command. My ldap knowlegedge is truth be told not awesome (Yet, but
> learning).
>
> No matter how much I tortured ldapsearch I was unable to match pretty
> much anything. Not even the other two servers, so something is
> fundamentally wrong in my query.
>
> Even if I hit gold (in terms of finding something in ldap) removing it
> would even be as difficult.
>
> I am willing to learn but ldap and me were never best friends.
>
> Thanks!
> -Chris.
>
> On 22/06/2019 11:47, François Cami wrote:
> > Hi Christian,
> >
> > On Sat, Jun 22, 2019 at 12:13 AM Christian Reiss via FreeIPA-users
> > <freeipa-users(a)lists.fedorahosted.org> wrote:
> >>
> >> Hey folks,
> >>
> >> In my Test-Setup I have the following:
> >>
> >>
srv1.auth.alpha-labs.net
> >>
srv2.auth.alpha-labs.net
> >>
srv3.auth.alpha-labs.net
> >>
> >> srv1 is the freshly installed master.
> >> srv2 is a client, promoted to replication via ipa-replica-install.
> >> srv3 failed with ipa-replica-install. Now I can't proceed past:
> >>
> >> -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< --
-- 8< --
> >> [root@srv3 ~]# ipa-replica-install
> >> ipaserver.install.installutils: ERROR Unable to resolve the IP
> >> address 10.1.2.10 to a host name, check /etc/hosts and DNS name resolution
> >> Your system may be partly configured.
> >> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> >>
> >> ipapython.admintool: ERROR A replication agreement for this host
> >> already exists. It needs to be removed.
> >> Run this command:
> >> %% ipa-replica-manage del
srv3.auth.alpha-labs.net --force
> >> ipapython.admintool: ERROR The ipa-replica-install command failed.
> >> See /var/log/ipareplica-install.log for more information
> >> -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< -- -- 8< --
-- 8< --
> >>
> >> I tried (on srv1):
> >>
> >> - ipa-replica-manage del
srv3.auth.alpha-labs.net --cleanup --force
> >> - ipa-replica-manage disconnect
srv3.auth.alpha-labs.net
> >> - ipa-replica-manage del
srv3.auth.alpha-labs.net --force -v --no-lookup
> >> - ipa-replica-manage clean-dangling-ruv
> >> - ipa-replica-manage del --force
srv3.auth.alpha-labs.net
> >>
> >> As this is just a test setup I can easily drop everything and start
> >> over, but I really wonder how to fix that once we go live with a real
setup.
> >
> > Please search your ldap tree (using ldapsearch with admin credentials)
> > for remaining objects containing the to-delete server hostname.
> > You should find the replication agreements there.
> > If unsure of what to do next please reply to the list.
> >
> > François
> >
> >> Thanks in advance!
> >> Enjoy your weekend!
> >> -Chris.
> >>
> >> --
> >> Christian Reiss - email(a)christian-reiss.de /"\ ASCII Ribbon
> >> support(a)alpha-labs.net \ / Campaign
> >> X against HTML
> >> WEB
alpha-labs.net / \ in eMails
> >>
> >> GPG Retrieval
https://gpg.christian-reiss.de
> >> GPG ID ABCD43C5, 0x44E29126ABCD43C5
> >> GPG fingerprint = 9549 F537 2596 86BA 733C A4ED 44E2 9126 ABCD 43C5
> >>
> >> "It's better to reign in hell than to serve in heaven.",
> >> John Milton, Paradise lost.
> >>
> >> _______________________________________________
> >> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> >> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> >> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> >> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> >> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>
> --
> Christian Reiss - email(a)christian-reiss.de /"\ ASCII Ribbon
> support(a)alpha-labs.net \ / Campaign
> X against HTML
> WEB
alpha-labs.net / \ in eMails
>
> GPG Retrieval
https://gpg.christian-reiss.de
> GPG ID ABCD43C5, 0x44E29126ABCD43C5
> GPG fingerprint = 9549 F537 2596 86BA 733C A4ED 44E2 9126 ABCD 43C5
>
> "It's better to reign in hell than to serve in heaven.",
> John Milton, Paradise lost.
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...