On 2/8/24 10:14 AM, Natxo Asenjo wrote:
On Thu, Feb 8, 2024 at 3:56 PM Mark Reynolds <mareynol(a)redhat.com> wrote:
What version of 389-ds-base is installed? There were bugs around
csn location that were fixed in the very latest version of the
LDAP server on RHEL 7.9. So make sure you are running the latest
version of 389-ds-base.
this is 1.3.10.2-12.el7_9
so not the latest one. And I cannot update right now because of other
issues. Does this version have this csn problem?
Yes it does. It was fixed in: 1.3.10.2-17
Regards,
Mark
As for replication being broken, you can confirm this by making a
"dummy" change somewhere and checking if that change is present on
the other replicas (give it some time to replicate of course, but
it shouldn't take more than a few seconds).
As for re-initializing just make sure you are initing from the
most current/accurate replica.
yes, I saw we can use ipa topologysegent-reinitialize with just the
domain suffix, so this should avoid overwriting the CA suffix (phew).
Thanks.
--
Identity Management Development Team