Somebody in my group was using an ipa command to rename a user’s login and the 
operation apparently failed. The audit log shows the operation was:

dn: uid=userX,cn=users,cn=accounts,dc=ourdomain,dc=com
changetype: modrdn
newrdn: uid=userY
deleteoldrdn: 1

… and the result was 1, which I assume is an error.

Doing ldapsearch on "dn: uid=userY" returns nothing, but a search on “dn: 
uid=userX” returns:

> ldapsearch -xLLL -h localhost -b cn=users,cn=accounts,dc=ourdomain,dc=com 
> uid=userX
dn: uid=userY,cn=users,cn=accounts,dc=ourdomain,dc=com
uid: userY

So, searching for uid=userX returns uid=userY!

Any ideas what could be going on? Dumping the database with db2ldif shows no 
mention of userY. So, I’m thinking that the transaction wasn’t committed and 
maybe restarting 389-ds will revert the bad change?


389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 

Reply via email to