Yes, performing a VLV search is a bit fiddly but you can do it like
this:
$ ldapsearch -LLL -D "cn=Directory Manager" -w $PASS -s one \
-b ou=ca,ou=requests,o=ipaca '(requeststate=*)' \
-E sss=requestId -E vlv=1/0:0820000000 requestId
Yes, you were right, the problem is with VLV indices.
On two nodes query returns:
$ ldapsearch -LLL -D "cn=Directory Manager" -W -s one -b
ou=ca,ou=requests,o=ipaca '(requeststate=*)' -E sss=requestId -E
vlv=1/0:0820000000 requestId
Enter LDAP Password:
dn: cn=19990007,ou=ca,ou=requests,o=ipaca
requestId: 0819990007
dn: cn=19990008,ou=ca,ou=requests,o=ipaca
requestId: 0819990008
# sortResult: (0) Success
# vlvResultpos=81 count=81 context= (0) Success
Press [before/after(/offset/count|:value)] Enter for the next window.
^C
And on the third node it's broken:
$ ldapsearch -LLL -D "cn=Directory Manager" -W -s one -b
ou=ca,ou=requests,o=ipaca '(requeststate=*)' -E sss=requestId -E
vlv=1/0:0820000000 requestId
Enter LDAP Password:
dn: cn=19990004,ou=ca,ou=requests,o=ipaca
requestId: 0819990004
dn: cn=19990005,ou=ca,ou=requests,o=ipaca
requestId: 0819990005
# sortResult: (0) Success
# vlvResultpos=13 count=13 context= (0) Success
Press [before/after(/offset/count|:value)] Enter for the next window.
^C
I'm going to rebuild indices, then restore overwritten requests from LDAP backup, and
then try to add a new replica to the FreeIPA cluster.
Thank you very much!
Regards,
Boris