Tested this again, making sure that dirsrv was not running, and the replica record is back.
I am obviously doing something wrong. My steps are below. I appreciate your time on
this.
#
# check dirsrv is currently running
#
[root@ipa006 ~]# ps aux | grep dirsrv
dirsrv 3221639 31.4 5.4 2418488 883856 ? Ssl Apr24 322:04 /usr/sbin/ns-slapd -D
/etc/dirsrv/slapd-AD-companyx-FM -i /run/dirsrv/slapd-AD-companyx-FM.pid
root 3281205 0.0 0.0 6412 2204 pts/2 S+ 09:11 0:00 grep --color=auto
dirsrv
#
# shutdown dirsrv
#
[root@ipa006 ~]# time systemctl stop dirsrv@AD-companyx-FM.service
real 10m0.130s
user 0m0.009s
sys 0m0.012s
#
# check dirsrv is not running 1
#
[root@ipa006 ~]# ps aux | grep dirsrv
root 3282962 0.0 0.0 6412 2244 pts/2 S+ 09:47 0:00 grep --color=auto
dirsrv
#
# check dirsrv is not running 2
#
[root@ipa006 slapd-AD-companyx-FM]# ipactl status
Directory Service: STOPPED
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
1 service(s) are not running
#
# go to the right folder
#
[root@ipa006 ~]# cd /etc/dirsrv/slapd-AD-companyx-FM/
#
# make a backup just in case
#
[root@ipa006 slapd-AD-companyx-FM]# cp dse.ldif dse.ldif.nickx-25apr23
#
# edit ldif
#
[root@ipa006 slapd-AD-companyx-FM]# vi dse.ldif
#
# remove this record. Hoping it's the right thing to do.
#
dn:
cn=ipa006.ad.companyx.fm-to-bad_serverdc.ad.companyx.fm,cn=replica,cn=dc\3Dad\2Cdc\3Ddi
ce\2Cdc\3Dfm,cn=mapping tree,cn=config
objectClass: nsds5replicationagreement
objectClass: ipaReplTopoManagedAgreement
objectClass: top
cn: ipa006.ad.companyx.fm-to-bad_serverdc.ad.companyx.fm
nsDS5ReplicaHost: bad_serverdc.ad.companyx.fm
nsDS5ReplicaPort: 389
nsds5replicaTimeout: 300
nsDS5ReplicaRoot: dc=ad,dc=companyx,dc=fm
description: ipa006.ad.companyx.fm to bad_serverdc.ad.companyx.fm
ipaReplTopoManagedAgreementState: managed agreement - generated by topology pl
ugin
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
creatorsName: cn=IPA Topology Configuration,cn=plugins,cn=config
modifiersName: cn=IPA Topology Configuration,cn=plugins,cn=config
createTimestamp: 20230425095140Z
modifyTimestamp: 20230425095140Z
#
# check no records exist in dse.ldif
#
[root@ipa006 slapd-AD-companyx-FM]# grep bad_server dse.ldif
[root@ipa006 slapd-AD-companyx-FM]#
[root@ipa006 slapd-AD-companyx-FM]# time systemctl start dirsrv@AD-companyx-FM.service
real 0m12.343s
user 0m0.006s
sys 0m0.007s
#
# Look in logs
#
Apr 25 09:51:51 ipa006.ad.companyx.fm ns-slapd[3283119]: [25/Apr/2023:09:51:51.484197325
+0000] - ERR - NSMMReplicationPlugin - bind_and_check_pwp -
agmt="cn=ipa006.ad.companyx.fm-to-bad_serverdc.ad.companyx.fm"
(bad_serverdc:389) - Replication bind with GSSAPI auth failed: LDAP error -1 (Can't
contact LDAP server) ()
#
# check dse.ldif again - the entry is back!
#
[root@ipa006 slapd-AD-companyx-FM]# grep bad_server dse.ldif
dn:
cn=ipa006.ad.companyx.fm-to-bad_serverdc.ad.companyx.fm,cn=replica,cn=dc\3Dad\2Cdc\3Ddi
cn: ipa006.ad.companyx.fm-to-bad_serverdc.ad.companyx.fm
nsDS5ReplicaHost: bad_serverdc.ad.companyx.fm
description: ipa006.ad.companyx.fm to bad_serverdc.ad.companyx.fm
#
# scratch head and ponder life, the universe and everything
#