William Faulk via FreeIPA-users wrote:
> I've got a bunch of replication errors that I'm trying to resolve with a
> re-initialization, but the biggest one right now is that one of my IPA
> replicas has inconsistent LDAP attributes and I'm not sure of the best way
> to proceed.
>
> The inconsistent attributes are:
> * ipaUniqueID
> * krbPrincipalKey
> * krbExtraData
> * krbLastPwdChange
>
> Certainly at least the first two seem really significant. I'm hesitant to
> re-initialize and overwrite data about one of the IPA servers itself.
>
> Should I try to delete it as a replica? Try to manually update the data on
> the replicas with bad data? Just re-initialize from a replica with good
> data? For the latter two options, how can I determine which data is the
> correct data?

I'm not sure how the same user can have different ipaUniqueID on
different servers. I suspect one or the other is a conflict entry.

A differing krbPrincipalKey means their password is different on
different servers. Not the end of the world but you might need to reset
it after resolving the replication issues.

Only you can determine which is the correct data. You'll need to
carefully examine it.

A re-init is less intensive than uninstall and re-install but either
will work, assuming you can't manually resolve the conflict entries.

rob
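
The comparison discussed in this thread, as an added example that is not part of the original messages: it diffs one entry between LDIF dumps taken from two replicas and lists replication conflict entries, fingerprinting values so krbPrincipalKey material is never printed. It assumes each dump came from `ldapsearch` with the operational attribute `nsds5ReplConflict` requested explicitly; the function names and sample entries are constructed for illustration.

```python
import base64
import hashlib

def parse_ldif(text):
    """Parse LDIF text into {dn: {attr: set(bytes)}}, with names lowercased."""
    entries, dn = {}, None
    for line in text.replace("\n ", "").splitlines():  # undo LDIF line folding
        if not line.strip() or line.startswith("#"):
            dn = None if not line.strip() else dn      # a blank line ends an entry
            continue
        attr, _, rest = line.partition(":")
        # "attr:: value" carries base64 (binary values such as krbPrincipalKey)
        value = base64.b64decode(rest[1:].strip()) if rest.startswith(":") else rest.strip().encode()
        if attr.lower() == "dn":
            dn = value.decode().lower()
            entries[dn] = {}
        elif dn is not None:
            entries[dn].setdefault(attr.lower(), set()).add(value)
    return entries

def conflict_entries(entries):
    """DNs of replication conflict entries (those carrying nsds5ReplConflict)."""
    return sorted(dn for dn, attrs in entries.items() if "nsds5replconflict" in attrs)

def _digest(values):
    # Short SHA-256 fingerprint: values are compared, key material is not shown.
    return hashlib.sha256(b"\0".join(sorted(values))).hexdigest()[:12] if values else None

def diff_entry(a, b, dn):
    """Return {attr: (fingerprint_a, fingerprint_b)} for attributes that differ."""
    ea, eb = a.get(dn.lower(), {}), b.get(dn.lower(), {})
    return {k: (_digest(ea.get(k)), _digest(eb.get(k)))
            for k in sorted(set(ea) | set(eb)) if ea.get(k) != eb.get(k)}

# Constructed sample dumps (not real data) of the same user on two replicas.
DN = "uid=jdoe,cn=users,cn=accounts,dc=example,dc=test"
REPLICA_A = f"""dn: {DN}
ipaUniqueID: 11111111-aaaa-bbbb-cccc-000000000001
krbPrincipalKey:: QUFBQQ==
"""
REPLICA_B = f"""dn: {DN}
ipaUniqueID: 22222222-aaaa-bbbb-cccc-000000000002
krbPrincipalKey:: QkJCQg==

dn: nsuniqueid=0a1b2c3d-00000000-00000000-00000000+uid=jdoe,cn=users,cn=accounts,dc=example,dc=test
nsds5ReplConflict: namingConflict {DN}
"""

if __name__ == "__main__":
    print(diff_entry(parse_ldif(REPLICA_A), parse_ldif(REPLICA_B), DN))
```

A conflict entry reported on one replica points to where the second ipaUniqueID may have come from; the fingerprints only show that values differ, not which side is correct.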