On Thu, Feb 8, 2024 at 3:56 PM Mark Reynolds <mareynol(a)redhat.com> wrote:
What version of 389-ds-base is installed? There were bugs around
csn
location that were fixed in the very latest version of the LDAP server on
RHEL 7.9. So make sure you are running the latest version of 389-ds-base.
this is 1.3.10.2-12.el7_9
so not the latest one. And I cannot update right now because of other
issues. Does this version have this csn problem?
As for replication being broken, you can confirm this by making a "dummy"
change somewhere and checking if that change is present on the other
replicas (give it some time to replicate of course, but it shouldn't take
more than a few seconds).
As for re-initializing just make sure you are initing from the most
current/accurate replica.
yes, I saw we can use ipa topologysegent-reinitialize with just the domain
suffix, so this should avoid overwriting the CA suffix (phew).
Thanks.