Hi guys.
for what 'ipa-healthcheck' complains of:
{ "source": "ipahealthcheck.ds.replication", "check": "ReplicationCheck", "result": "WARNING", "uuid": "720d7af6-5a11-486f-a610-f6f06ec4d9e2", "when": "20230526202306Z", "duration": "0.054683", "kw": { "key": "DSREPLLE0002", "items": [ "Replication", "Conflict Entries" ], "msg": "There were 1 conflict entries found under the replication suffix "o=ipaca"." } },
and old trick finds not culprit:
-> $ ldapsearch -LLL -H ldaps://$(hostname) -Y GSSAPI -D 'cn=Directory Manager' -b 'o=ipaca' '(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))' nsds5ReplConflict SASL/GSSAPI authentication started SASL username: admin@MINE.PRIV SASL SSF: 256 SASL data security layer installed.
where is it hiding? many thanks, L.
Hi,
On Fri, May 26, 2023 at 10:26 PM lejeczek via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hi guys.
for what 'ipa-healthcheck' complains of:
{ "source": "ipahealthcheck.ds.replication", "check": "ReplicationCheck", "result": "WARNING", "uuid": "720d7af6-5a11-486f-a610-f6f06ec4d9e2", "when": "20230526202306Z", "duration": "0.054683", "kw": { "key": "DSREPLLE0002", "items": [ "Replication", "Conflict Entries" ], "msg": "There were 1 conflict entries found under the replication suffix "o=ipaca"." } },
and old trick finds not culprit:
-> $ ldapsearch -LLL -H ldaps://$(hostname) -Y GSSAPI -D 'cn=Directory Manager' -b 'o=ipaca' '(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))' nsds5ReplConflict SASL/GSSAPI authentication started SASL username: admin@MINE.PRIV SASL SSF: 256 SASL data security layer installed.
Re-try the same command but without the -Y GSSAPI option (otherwise if you
have an admin kerberos ticket, the operation is performed as admin instead of Directory Manager and the ACIs may hide some entries).
HTH, flo
where is it hiding? many thanks, L. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On 30/05/2023 08:21, Florence Blanc-Renaud wrote:
Hi,
On Fri, May 26, 2023 at 10:26 PM lejeczek via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi guys. for what 'ipa-healthcheck' complains of: { "source": "ipahealthcheck.ds.replication", "check": "ReplicationCheck", "result": "WARNING", "uuid": "720d7af6-5a11-486f-a610-f6f06ec4d9e2", "when": "20230526202306Z", "duration": "0.054683", "kw": { "key": "DSREPLLE0002", "items": [ "Replication", "Conflict Entries" ], "msg": "There were 1 conflict entries found under the replication suffix \"o=ipaca\"." } }, and old trick finds not culprit: -> $ ldapsearch -LLL -H ldaps://$(hostname) -Y GSSAPI -D 'cn=Directory Manager' -b 'o=ipaca' '(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))' nsds5ReplConflict SASL/GSSAPI authentication started SASL username: admin@MINE.PRIV SASL SSF: 256 SASL data security layer installed.Re-try the same command but without the -Y GSSAPI option (otherwise if you have an admin kerberos ticket, the operation is performed as admin instead of Directory Manager and the ACIs may hide some entries).
HTH, flo
right... man! thank you. (should the same apply to any other ldap user-manual, outside of ipa-tools, operation?)
freeipa-users@lists.fedorahosted.org
-
Florence Blanc-Renaud -
lejeczek