Hi,
in your first message, the output of
$ dsconf -D "cn=Directory Manager" ldap://$(hostname) repl-conflict
list-glue "dc=noc,dc=net"
mentions:
dn: cn=sg1-replica.noc.net,cn=masters,cn=ipa,cn=etc,dc=noc,dc=net
*nsds5replconflict: deletedEntryHasChildren*
It means that the replication tried to delete this entry on 1 server but
there were subentries below that one.
Is this replica
sg1-replica.noc.net still present in the topology? If it
has been removed, you can delete the entry and its children. Otherwise you
need to keep it.
The other conflict is dn: krbprincipalname=HTTP/mi1-replica.noc.net(a)NOC.NET
+nsuniqueid=0264df8b-fca611ee-a3cba8b9-8a6b8039,cn=services,cn=accounts,dc=noc,dc=net
Can you show the content of the entry and the content of the conflict
entry? The differences may help understand why there is a conflict.
ldapsearch -D "cn=directory manager" -W -b krbprincipalname=HTTP/
mi1-replica.noc.net(a)NOC.NET
+nsuniqueid=0264df8b-fca611ee-a3cba8b9-8a6b8039,cn=services,cn=accounts,dc=noc,dc=net
ldapsearch -D "cn=directory manager" -W -b krbprincipalname=HTTP/
mi1-replica.noc.net(a)NOC.NET,cn=services,cn=accounts,dc=noc,dc=net
flo
On Tue, Apr 23, 2024 at 12:08 PM Lee Csk via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
> ipa-server-4.9.12-14 fixes this issue:
>
https://issues.redhat.com/browse/RHEL-28847 and must be installed with
the
> corresponding bind update that fixes
>
https://issues.redhat.com/browse/RHEL-25648: bind-9.11.36-11.el8_9.1
> Do you have the right bind version?
>
> flo
I do not have access to those RHEL issues unfortunately.
That is a good point however, observed that various replica servers
running different bind versions.
Some: bind-9.11.36-11.el8_9.x86_64
Others: bind-9.11.36-11.el8_9.1.x86_64
We are updating them now slowly, and already updated 2 replica servers to
the latest bind version - however the LDAP Conflicts don't disappear.
Thanks,
Lee
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue