Description of problem:

After deleting a replica, an attempt to connect to it should return an expected
error message.  If the connect is run without a kerberos ticket (like after a
kdestroy), or with the -p to indicate password on command line, it does.  If
run with a ticket that has the old server's info still listed, it fails with a
GSSAPI error.

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-14.el6.x86_64

How reproducible:
Always


Steps to Reproduce:
1. <setup ipa master>
2. <setup ipa replica>
3. ipa-replica-manage del $SLAVE # on master
4. ipa-replica-manage connect $SLAVE

Actual results:

[root@spoore-dvm1 slapd-TESTRELM-COM]# ipa-replica-manage connect
spoore-dvm2.testrelm.com
SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code
may provide more information (Server ldap/spoore-dvm2.testrelm.com@TESTRELM.COM
not found in Kerberos database)


Expected results:

I would expect to see the same error message that I see here:

[root@kvm-guest-05 log]# ipa-replica-manage connect qe-blade-11.testrelm.com
Directory Manager password:

You cannot connect to a previously deleted master

Additional info: