I am trying to set the domain level for my IPA servers to level 1 from level 0. When I attempt to run:
ipa domainlevel-set 1
I get the following error:
ipa: ERROR: Domain Level cannot be raised to 1, existing replication conflicts have to be resolved.
At the moment, the server has no replicas. All of them have been removed.
-bash-4.2$ ipa-replica-manage list ipa1.chem.byu.edu: master
Any ideas as to why I am still getting this error?
Hey Kristian
I faced that months ago when I trying to do the same thing you are doing now. I solved the problem running LDAP searches filtering by nsds5ReplConflict. You might wanna take a look at https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/h.... It was useful for me and I hope that it helps you.
Cheers,
Givaldo Lins | Linux System Administrator RHC{SA,E,SA-RHOS,VA,JA,I,X,A} GPG Fingerprint: A81A 14CC FA18 4273 9CC6 8945 BEDA 981C 9C4E 388A mobile +1 (604) 366-5482 | skype: givaldolins
website | email
De: "Kristian Petersen via FreeIPA-users" freeipa-users@lists.fedorahosted.org Para: "FreeIPA users list" freeipa-users@lists.fedorahosted.org Cc: "Kristian Petersen" nesretep@chem.byu.edu Enviadas: Quinta-feira, 7 de setembro de 2017 9:37:33 Assunto: [Freeipa-users] Raising domain to level 1 from level 0
I am trying to set the domain level for my IPA servers to level 1 from level 0. When I attempt to run: ipa domainlevel-set 1
I get the following error:
ipa: ERROR: Domain Level cannot be raised to 1, existing replication conflicts have to be resolved.
At the moment, the server has no replicas. All of them have been removed.
-bash-4.2$ ipa-replica-manage list ipa1.chem.byu.edu : master
Any ideas as to why I am still getting this error?
Kristian Petersen via FreeIPA-users wrote:
I am trying to set the domain level for my IPA servers to level 1 from level 0. When I attempt to run:
ipa domainlevel-set 1
I get the following error:
ipa: ERROR: Domain Level cannot be raised to 1, existing replication conflicts have to be resolved.
At the moment, the server has no replicas. All of them have been removed.
-bash-4.2$ ipa-replica-manage list ipa1.chem.byu.edu http://ipa1.chem.byu.edu: master
Any ideas as to why I am still getting this error?
Removing agreements doesn't remove the entries that were created due to confict. See this to clean things up:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/9.0/h...
rob
Thanks to you both for the tips. I was able to get into LDAP directly and remove the entries causing the problems. Once I had done that, the domain level change was a breeze!
On Thu, Sep 7, 2017 at 1:25 PM, Rob Crittenden rcritten@redhat.com wrote:
Kristian Petersen via FreeIPA-users wrote:
I am trying to set the domain level for my IPA servers to level 1 from level 0. When I attempt to run:
ipa domainlevel-set 1
I get the following error:
ipa: ERROR: Domain Level cannot be raised to 1, existing replication conflicts have to be resolved.
At the moment, the server has no replicas. All of them have been
removed.
-bash-4.2$ ipa-replica-manage list ipa1.chem.byu.edu http://ipa1.chem.byu.edu: master
Any ideas as to why I am still getting this error?
Removing agreements doesn't remove the entries that were created due to confict. See this to clean things up:
https://access.redhat.com/documentation/en-us/red_hat_ directory_server/9.0/html/administration_guide/managing_ replication-solving_common_replication_conflicts
rob
freeipa-users@lists.fedorahosted.org