On Tue, 2022-01-25 at 16:45 +0200, Alexander Bokovoy wrote:
>
> On another server, use the ipa server-del command to delete
> server.example.com from the topology:
Indeed, I missed this part. :-( I suppose this cannot be done now that
the machine has been redployed as a client correct?
# ipa host-show server.example.com
Host name: server.example.com
Platform: x86_64
Operating system: 4.18.0-305.25.1.el8_4.x86_64
Principal name: host/server.example.com@EXAMPLE.COM
Principal alias: host/server.example.com@EXAMPLE.COM
SSH public key fingerprint: [redacted]
Password: False
Member of host-groups: ipaservers
Member of HBAC rule: all_allow_mail_services
Keytab: True
Managed by: server.example.com
# ipa server-show server.example.com
ipa: ERROR: server.example.com: server not found
# ipa server-find
--------------------
1 IPA server matched
--------------------
Server name: server-staging.example.com
Min domain level: 1
Max domain level: 1
----------------------------
Number of entries returned 1
----------------------------
Could I attempt to add as a replica again, have it fail and then would
I be able to do the "ipa server-del"?
> Does using a raw LDAP delete help?
>
> ldapdelete -D cn=directory\ manager -W
> krbprincipalname=ldap/server.example.com@EXAMPLE.COM,cn=services,cn=a
> ccounts,dc=example,dc=com
I have not tried yet, pending the answer to the above questions. I
don't want to much around too much under the hood before I have to.
> If not, you might need to temporarily fix the LDAP entry schema
> consistency before deleting the object. It means you'd need to add
> krbPrincipalName attribute back.
I have no idea how to do that. I have not mucked around with LDAP
directly.
Cheers,
b.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure