One of the ldap service principals is missing. Replication agreement cannot be converted. - FreeIPA-users - Fedora mailing-lists

5 Jan 2018


      I've had a short conversation about this in irc channel, but figured I'd open a ticket to keep a track of things.
We are trying to reinstall a replica (replica-x1) but it errors out with the above error message. The logs of ipa-replica-install.log are belowI've tried following a similar issue hereRe: [Freeipa-users] Error setting up Replication: ldap service principal
|  
|   |  
Re: [Freeipa-users] Error setting up Replication: ldap service principal
   |  |
|
but am having problem executing a command as suggested by Ludwig.I'm tryingdb2index.pl -D cn='Directory Manager' -v -w - -t entryrdn
on the server.pop.domain (source server) but that just gives --help message. At any rate speaking to Rob this may not even be the correct step to take.PS: I have made sure to uninstall the original replica and also ipa-replica del replica-x1.pop --force on the source server.2018-01-05T21:23:57Z DEBUG Process finished, return code=02018-01-05T21:23:57Z DEBUG stdout=add objectclass:2018-01-05T21:23:57Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-DOMAIN-LOCAL.socket/??base )2018-01-05T21:23:57Z DEBUG   duration: 0 seconds2018-01-05T21:23:57Z DEBUG   [5/7]: enable GSSAPI for replication2018-01-05T21:23:57Z DEBUG flushing ldaps://replica-x1.pop.domain.local:636 from SchemaCache2018-01-05T21:23:57Z DEBUG retrieving schema for SchemaCache url=ldaps://replica-x1.pop.domain.local:636 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x74bd098>2018-01-05T21:24:00Z DEBUG flushing ldaps://server.pop.domain.local:636 from SchemaCache2018-01-05T21:24:00Z DEBUG retrieving schema for SchemaCache url=ldaps://server.pop.domain.local:636 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xb76f128>2018-01-05T21:24:03Z DEBUG Unable to find entry for (krbprincipalname=ldap/replica-x1.pop.domain.local@domain.local) on server.pop.domain.local:636......2018-01-05T21:27:37Z DEBUG Unable to find entry for (krbprincipalname=ldap/replica-x1.pop.domain.local@domain.local) on server.pop.domain.local:6362018-01-05T21:27:39Z DEBUG Traceback (most recent call last):2018-01-05T21:27:39Z DEBUG   [error] RuntimeError: One of the ldap service principals is missing. Replication agreement cannot be converted.2018-01-05T21:27:39Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute2018-01-05T21:27:39Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: One of the ldap service principals is missing. Replication agreement cannot be converted.root@replica-x1.pop.domain.local: /var/log/ipa$