On 30/05/2023 08:21, Florence Blanc-Renaud wrote:
Hi,
On Fri, May 26, 2023 at 10:26 PM lejeczek via
FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
Hi guys.
for what 'ipa-healthcheck' complains of:
{
"source": "ipahealthcheck.ds.replication",
"check": "ReplicationCheck",
"result": "WARNING",
"uuid": "720d7af6-5a11-486f-a610-f6f06ec4d9e2",
"when": "20230526202306Z",
"duration": "0.054683",
"kw": {
"key": "DSREPLLE0002",
"items": [
"Replication",
"Conflict Entries"
],
"msg": "There were 1 conflict entries found
under the replication suffix \"o=ipaca\"."
}
},
and old trick finds not culprit:
-> $ ldapsearch -LLL -H ldaps://$(hostname) -Y GSSAPI
-D 'cn=Directory Manager' -b 'o=ipaca'
'(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))'
nsds5ReplConflict
SASL/GSSAPI authentication started
SASL username: admin(a)MINE.PRIV
SASL SSF: 256
SASL data security layer installed.
Re-try the same command but without the -Y GSSAPI option
(otherwise if you have an admin kerberos ticket, the
operation is performed as admin instead of Directory
Manager and the ACIs may hide some entries).
HTH,
flo
right... man! thank you. (should the same apply to any other
ldap user-manual, outside of ipa-tools, operation?)