Cody Ashe-McNalley via FreeIPA-users wrote:
One of the replicas does NOT show the ca-error in `getcert list`.
Should I resync the other 2 from that replica?
It's curious that no conflict entries were found. I'd suggest looking
explicitly before doing a force re-init.
ldapsearch -x -D 'cn=directory manager' -W -b dc=example,dc=test
"(&(!(objectclass=nstombstone))(nsds5ReplConflict=*))"
At least rule them out. If it isn't a conflict then I'm not sure what is
causing the too many entries error.
rob