If this is the correct search, then no. It's gone.
# ldapsearch -D 'cn=directory manager' -b 'o=ipaca' -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <o=ipaca> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
On 02/21/2018 11:45 AM, Jochen Hein wrote:
Bret Wortman via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
I may be going about this in the hardest way possible, so let me stop and roll everything back to my root need:
I have two IPA servers which manage our infrastructure. We used to have three, but a catastrophic failure on one led to its total loss. And it was our CA.
So now we have no CA -- is there a way to promote an existing system to take over? I realize it may well mean distributing a new root CA cert to everyone, but that seems less painful now than trying to set up a brand new cluster of servers and try to port our data over to them...
I'd start looking for the CA data in LDAP. If you still have it, you might be lucky - if not there's no way to recreate the data (aside from a backup of the failed server - which I guess doesn't exist any longer).
Do you have a tree o=ipaca in your LDAP?
Jochen