...

  1. SSH to your current LDAP machine.
  2. Become root.
  3. Run the following:
    python3 /usr/libexec/ipa/oddjob/org.freeipa.server.config-enable-sid --add-sids
  4. Restart IPA:
    ipactl restart
  5. Finally, kinit as the LDAP admin user (you can find it in Morpheus Cypher → secret/ipaadmin_username, password/ipaadmin) and run ipa commands to verify that the above error no longer occurs:
    kinit <ldap-admin-user>
  6. Finish the procedure for the new Rocky 8 replica:
    1. Delete the OLD LDAP machine's DNS records:
      ipa-replica-manage del OLD_LDAP_HOSTNAME --force
    2. Update the NEW LDAP machine's DNS records, replacing the new LDAP IP with the IP of the interface of the OLD LDAP machine:
      ipa dnsrecord-mod DNS_HOSTED_ZONE ipa-ca --a-rec OLD_LDAP_PRIVATE_IP
      ipa dnsrecord-mod DNS_HOSTED_ZONE NEW_LDAP_HOSTNAME --a-rec OLD_LDAP_PRIVATE_IP
    3. Edit the /etc/hosts file and make sure it reads as follows:
      [murdaca@ipa ~]$ cat /etc/hosts
       
      <!-- BEGIN ANSIBLE MANAGED BLOCK -->
       
      OLD_LDAP_PRIVATE_IP NEW_LDAP_HOSTNAME
       
      <!-- END ANSIBLE MANAGED BLOCK -->

where:

  • DNS_HOSTED_ZONE → log in to Morpheus → Tools → Cypher and check the following secret → secret/ldap_domain
  • OLD_LDAP_PRIVATE_IP → log in to Morpheus → Provisioning → Instances and check the IP address of your OLD LDAP VM
  • OLD_LDAP_HOSTNAME → log in to Morpheus → Tools → Cypher and check the following secret → secret/ldap_hostname
  • NEW_LDAP_HOSTNAME → <name-of-the-machine>.<tenancy-domain>, where tenancy-domain → log in to Morpheus → Tools → Cypher and check the following secret → secret/ldap_domain (e.g. the result should be something like ldap-test-rocky.eumetsat.sandbox.ewc). Alternatively, you can find it in the /etc/hosts file on your new LDAP machine
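
Added example, not part of the original procedure: a shell function that checks the state step 6.3 asks for, namely that NEW_LDAP_HOSTNAME appears in the hosts file only with OLD_LDAP_PRIVATE_IP, and that flags a stale extra entry. The function name check_hosts_entry, its return codes and the 192.0.2.x addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): verify the /etc/hosts result of step 6.3.
# Usage: check_hosts_entry FILE EXPECTED_IP HOSTNAME
#   0 = HOSTNAME maps only to EXPECTED_IP
#   1 = HOSTNAME has no entry
#   2 = HOSTNAME maps to a different or an additional address (stale entry)
check_hosts_entry() {
    hosts_file=$1
    expected_ip=$2
    host=$3
    # Every distinct address whose line names the host, comments ignored.
    ips=$(awk -v h="$host" '
        { sub(/#.*/, "") }      # strip comments, awk then re-splits the fields
        NF < 2 { next }         # blank lines and address-only lines
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(h)) print $1 }
    ' "$hosts_file" | sort -u)
    [ -n "$ips" ] || return 1
    [ "$ips" = "$expected_ip" ] || return 2
    return 0
}

# Constructed sample: 192.0.2.10 stands in for OLD_LDAP_PRIVATE_IP and
# 192.0.2.20 for the address the new VM was originally provisioned with.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1 localhost
192.0.2.20 ldap-test-rocky.eumetsat.sandbox.ewc   # stale line left behind
192.0.2.10 ldap-test-rocky.eumetsat.sandbox.ewc
EOF
rc=0
check_hosts_entry "$sample" 192.0.2.10 ldap-test-rocky.eumetsat.sandbox.ewc || rc=$?
echo "check_hosts_entry returned $rc"
rm -f "$sample"
```

On the real machine, call it as check_hosts_entry /etc/hosts OLD_LDAP_PRIVATE_IP NEW_LDAP_HOSTNAME with the values from the list above.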

Resource: https://access.redhat.com/solutions/7052125

...