On Tue, 2022-01-25 at 09:18 -0500, Rob Crittenden wrote:
So this was formerly a server and you ran ipa-server-install --uninstall.
Correct.
Did you also run ipa server-del?
No. I thought ipa-server-install --uninstall would do all of the work.
Was this server running additional, non-IPA services?
Yes.
Then you ran ipa-client-install?
Correct, as a prerequisite for running ipa-replica-install.
You didn't have any issues with this host is already enrolled?
No, it's enrolled right now and happily providing gssapi-authenticated services.
How are you trying to remove the ldap service principal?
In the GUI. Clicking on ldap/server.example.com@EXAMPLE.COM and then clicking the delete button there.
Is there something special about the client config that you can't uninstall the client to ensure the host and service entries for it are cleaned up?
The client has been uninstalled (as a result of ipa-replica-install -- or maybe it's ipa-server-install you are told to do when ipa-replica- install fails) --uninstall and re-installed (as a prerequisite to ipa- replica-install, per https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm..., but I am also now seeing https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm... but the first link was how I set up the server I am now trying to replicate from).
Honestly though, I don't care which process I use. I was just using what had worked before.
Cheers, b.