20100217 cleanup of referrals from old replication agreements in sun directory - plembo/onemoretech GitHub Wiki

title: Cleanup of referrals from old replication agreements in Sun Directory
link: https://onemoretech.wordpress.com/2010/02/17/cleanup-of-referrals-from-old-replication-agreements-in-sun-directory/
author: lembobro
description:
post_id: 190
created: 2010/02/17 16:25:50
created_gmt: 2010/02/17 16:25:50
comment_status: open
post_name: cleanup-of-referrals-from-old-replication-agreements-in-sun-directory
status: publish
post_type: post

Cleanup of referrals from old replication agreements in Sun Directory

A brief note on curing an issue I’ve run into on Sun Directory Server. We recently retired a couple of master directories in the environment. After the replication agreements were removed, we noticed that the LDAP referral entries for the old servers were still in place, even though they’d been manually deleted a couple of times. (You can find these referral entries in the GUI console under the Configuration tab: highlight the root suffix you’re interested in and click on the Settings tab. They’re listed under “Referrals to Return”.)

Because this was a multi-master replicated environment, just pushing the delete button wasn’t going to do the trick. We needed something closer to the system level.

That’s when I chanced upon Marcus Ares’s “On CLEANRUV” blog post.

Basically the procedure is to “locate the evil replicaid” and then task the server with removing it. Once that’s done, you can go ahead and manually remove the referral using the console.

Finding the replicaid requires doing a little ldapsearch work:

```
ldapsearch -x -h [ldaphost] -D "cn=directory manager" -W -b "cn=config" -s sub "(objectclass=nsds5replica)" nsds50ruv
```

What this will return is something like:

```
nsds50ruv: {replicageneration} 426acd61002001410101
nsds50ruv: {replica 101 ldap://ldap1.example.com:389} 4c5d21bf00001af80000 5
 b7c107800001af50000
nsds50ruv: {replica 201 ldap://ldap2.example.com:389} 4b5c45fb00001b590000 4
 b7c108500001b590000
nsds50ruv: {replica 301 ldap://ldap3.example.com:389} 4db5c45fb00001b590000 4
 c9c108500001b5800101
```

In the example above, the replicaids are “101”, “201” and “301” (these were assigned to each server when replication was originally enabled on them).

To remove, say, the last replica in this list, you’d use ldapmodify to apply the following LDIF:

```
dn: cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
replace: nsds5task
nsds5task: CLEANRUV 301
```

For this to work, you should apply the change to all remaining master directories within a minute or two of each other; otherwise replication will undo your hard work.

After giving the system a few minutes to chew on this task, you can go to the console and delete the offending referral.
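
The lookup and LDIF steps above, as an added example that is not part of the original post: it parses the nsds50ruv output (including LDIF-folded continuation lines), selects only replica IDs whose host is no longer a live master, and builds the CLEANRUV LDIF for each. The function names and the list of live hosts are assumptions made for illustration.

```python
import re

# Constructed sample: the nsds50ruv output shown above, folded lines included.
SAMPLE_RUV = """\
nsds50ruv: {replicageneration} 426acd61002001410101
nsds50ruv: {replica 101 ldap://ldap1.example.com:389} 4c5d21bf00001af80000 5
 b7c107800001af50000
nsds50ruv: {replica 201 ldap://ldap2.example.com:389} 4b5c45fb00001b590000 4
 b7c108500001b590000
nsds50ruv: {replica 301 ldap://ldap3.example.com:389} 4db5c45fb00001b590000 4
 c9c108500001b5800101
"""

RUV_RE = re.compile(r"^nsds50ruv:\s*\{replica (\d+) (ldaps?://[^}\s]+)\}", re.I)

def unfold(ldif_text):
    """Join LDIF continuation lines (a leading single space) to the line before."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_ruv(ldif_text):
    """Return {replica_id: ldap_url} for every replica element in the RUV."""
    matches = (RUV_RE.match(line) for line in unfold(ldif_text))
    return {int(m.group(1)): m.group(2) for m in matches if m}

def stale_ids(ruv, live_hosts):
    """Replica IDs whose URL host is not one of the masters still in service."""
    live = {h.lower() for h in live_hosts}
    return sorted(rid for rid, url in ruv.items()
                  if url.split("://", 1)[1].split(":")[0].lower() not in live)

def cleanruv_ldif(suffix, replica_id):
    """The CLEANRUV modify from this post, for one suffix and one replica ID."""
    return (f'dn: cn=replica,cn="{suffix}",cn=mapping tree,cn=config\n'
            "changetype: modify\n"
            "replace: nsds5task\n"
            f"nsds5task: CLEANRUV {replica_id}\n")

if __name__ == "__main__":
    ruv = parse_ruv(SAMPLE_RUV)
    # Assumption: ldap1 and ldap2 are the masters that remain in service.
    for rid in stale_ids(ruv, ["ldap1.example.com", "ldap2.example.com"]):
        print(cleanruv_ldif("dc=example,dc=com", rid))
```

Checking each ID against the list of live masters before generating the task keeps a mistyped replica ID from purging the RUV entry of a server that is still replicating.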

Copyright 2004-2019 Phil Lembo