Hi,

Can you check if there are replication conflicts? Use the command below (and replace $BASEDN with your base DN, for instance dc=site5,dc=example,dc=com):
ldapsearch -D "cn=Directory Manager" -W -b $BASEDN "(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))" \* nsds5ReplConflict

If you find some conflicts you can refer to https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/managing_replication-solving_common_replication_conflicts#doc-wrapper

HTH,
flo

On Sat, Jun 1, 2024 at 5:10 AM Satish Patel <satish.txt@gmail.com> wrote:
Any help here? FreeIPA is giving me a hard time. I am not able to remove bad replicas. I have tried all possible options and Google + ChatGPT, whatever I can do, but none are helping. Is there any way I can remove bad replicas from my FreeIPA?

On Thu, May 16, 2024 at 11:00 AM Satish Patel <satish.txt@gmail.com> wrote:
Hi Florence,

I have run all the possible commands but that thing isn't going away :( I even tried to search inside ldapsearch to see if I can manually remove them from the LDAP DB, but it's not there either. I don't know who is holding this information.

[root@ldap-vx-010101-4 ~]# ipa-replica-manage del ldap-vx-010103-4.site5.example.com --clean --force
ipa: WARNING: Forcing removal of ldap-vx-010103-4.site5.example.com
ipa: WARNING: Ignoring topology connectivity errors.
ipa: WARNING: Ignoring these warnings and proceeding with removal
ipa: WARNING: Failed to cleanup ldap-vx-010103-4.site5.example.com DNS entries: no such entry
ipa: WARNING: You may need to manually remove them from the tree
ipa: WARNING: Server has already been deleted
-----------------------------------------------------
Deleted IPA server "ldap-vx-010103-4.site5.example.com"
-----------------------------------------------------



[root@ldap-vx-010101-4 ~]# ipa server-del ldap-vx-010103-4.site5.example.com --force
Removing ldap-vx-010103-4.site5.example.com from replication topology, please wait...
ipa: WARNING: Forcing removal of ldap-vx-010103-4.site5.example.com
ipa: WARNING: Failed to cleanup ldap-vx-010103-4.site5.example.com DNS entries: no such entry
ipa: WARNING: You may need to manually remove them from the tree
ipa: WARNING: Server has already been deleted
-----------------------------------------------------
Deleted IPA server "ldap-vx-010103-4.site5.example.com"
-----------------------------------------------------


Still I can see it in the list:

ldap-vx-010103-4.site5.example.com: replica
  last init status: Error (0)
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) No replication sessions started since server startup
  last update ended: 1970-01-01 00:00:00+00:00




On Thu, May 16, 2024 at 1:48 AM Florence Blanc-Renaud <flo@redhat.com> wrote:
Hi,

On Thu, May 16, 2024 at 4:05 AM Satish Patel via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
Folks,

I am trying to build some replicas and somehow they failed, but because they are half-baked they are stuck in the master nodes and not letting me remove them. I have tried all the options and don't know how to get rid of them.

I want to remove ldap-vx-010103-1.site5.example.com and ldap-vx-010103-2.site5.example.com. I have removed them from the topology and from the host and hostgroup ipaservers list but no luck. I have totally shut down the replica nodes but still no luck. Are there any good ways to clean them up?

The commands "ipa server-del <hostname> --force" or "ipa-replica-manage del <hostname> --clean --force" should be able to remove references to those servers, even if they are shut down. You need to run the command on a working server.

HTH,
flo

[root@ldap-vx-010101-4 ~]# ipa-replica-manage list -v `hostname`
ldap-vx-010101-1.site5.example.com: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully: Incremental update succeeded
  last update ended: 2024-05-16 01:58:02+00:00
ldap-vx-010101-2.site5.example.com: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully: Incremental update succeeded
  last update ended: 2024-05-16 01:58:02+00:00
ldap-vx-010101-3.site5.example.com: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully: Incremental update succeeded
  last update ended: 2024-05-16 01:58:02+00:00
ldap-vx-010101-5.site5.example.com: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully: Incremental update succeeded
  last update ended: 2024-05-16 01:58:02+00:00
ldap-vx-010103-1.site5.example.com: replica
  last init status: Error (0)
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP server (connection error)
  last update ended: 2024-05-11 10:30:33+00:00
ldap-vx-010103-2.site5.example.com: replica
  last init status: Error (0) Total update succeeded
  last init ended: 2024-05-10 20:35:02+00:00
  last update status: Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP server (connection error)
  last update ended: 1970-01-01 00:00:00+00:00
ldap-vx-010103-3.site5.example.com: replica
  last init status: Error (0) Total update succeeded
  last init ended: 2024-05-10 21:14:53+00:00
  last update status: Error (0) Replica acquired successfully: Incremental update succeeded
  last update ended: 2024-05-16 01:58:02+00:00
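
Added example, not part of the original thread and not FreeIPA code: a small shell filter that reads `ipa-replica-manage list -v` output in the format pasted above and prints the agreements worth investigating. The function names, the flagging heuristic and the embedded sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Heuristic (an assumption, not FreeIPA logic): an agreement is suspect when
# its last update status code is non-zero, or when the code is 0 but the
# "last update ended" timestamp is still the 1970-01-01 default.

flag_suspect_replicas() {
    awk '
        # A line like "host.example.com: replica" starts a new record.
        /^[^ ].*: replica$/ {
            host = $1; sub(/:$/, "", host); code = "?"; next
        }
        # Pull the numeric code out of "Error (0) ..." or "Error (-1) ...".
        /^ +last update status:/ {
            if (match($0, /\(-?[0-9]+\)/))
                code = substr($0, RSTART + 1, RLENGTH - 2)
            next
        }
        # Decide once the timestamp line of the record has been read.
        /^ +last update ended:/ {
            reason = ""
            if (code != "0") reason = "status=" code
            else if ($4 == "1970-01-01") reason = "never-updated"
            if (reason != "") print host, reason
        }
    '
}

# Constructed sample, shaped like the listings quoted in the thread.
sample_listing() {
    cat <<'EOF'
ldap-vx-010101-1.site5.example.com: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully: Incremental update succeeded
  last update ended: 2024-05-16 01:58:02+00:00
ldap-vx-010103-1.site5.example.com: replica
  last init status: Error (0)
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (-1) Problem connecting to replica - LDAP error: Can't contact LDAP server (connection error)
  last update ended: 2024-05-11 10:30:33+00:00
ldap-vx-010103-4.site5.example.com: replica
  last init status: Error (0)
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) No replication sessions started since server startup
  last update ended: 1970-01-01 00:00:00+00:00
EOF
}

# Real use: ipa-replica-manage list -v "$(hostname)" | flag_suspect_replicas
sample_listing | flag_suspect_replicas
```

Shortly after a directory server restart, healthy peers can also show the 1970 timestamp until their first replication session, so treat `never-updated` as a prompt to re-check rather than proof of a stale agreement.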