Was detached and deleted prior to the user's deletion. First modified by dn: cn=<USERID>,cn=groups,cn=accounts,dc=cxn changetype: modify delete: objectclass objectclass: mepManagedEntry - delete: mepManagedBy
Then deleted. -- *Sándor Juhász* System Administrator *ChemAxon* *Kft*. Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 Cell: +36704258964 On Wed, Aug 7, 2019 at 3:58 PM Rob Crittenden <rcrit...@redhat.com> wrote: > Sandor Juhasz via FreeIPA-users wrote: > > We have an entry, what after clicking delete on the UI got partially > > deleted. > > The compat tree entry is gone. > > The accounts tree entry is there. > > ldapsearch finds the entry by uid, but does fail by dn. > > ipa user-show <USERID> finds the user > > ipa user-del <USERID> says no such user > > ldapdelete fails to delete the entry by dn with err=32 > > Web ui shows user > > User content can be modified from ipa cli and web ui - like name, shell, > > but cannot be deleted > > Other entries can be created and deleted without issue. > > We have 4way master-master replication. Tried cli on 3 and got same > > result and issue. > > The third is not touched and the entry is available there both accounts > > and compat tree. > > > > > > ipa-server-4.6.4-10.el7.centos.3.x86_64 > > CentOS Linux release 7.6.1810 (Core) > > > > On full broken master: > > # <USERID>, users, accounts, cxn > > dn: uid=<USERID>,cn=users,cn=accounts,dc=cxn > > gecos: FOO BAR > > displayName: FOO BAR > > krbLastAdminUnlock: 20190807124134Z > > krbLoginFailedCount: 0 > > memberOf: cn=ipausers,cn=groups,cn=accounts,dc=cxn > > memberOf: cn=somegroup1,cn=groups,cn=accounts,dc=cxn > > memberOf: cn=somegroupt2,cn=groups,cn=accounts,dc=cxn > > gidNumber: <GID> > > uidNumber: <UID> > > ipaUniqueID: <RANDOMUNIQUEID> > > cn: BAZ > > givenName: FOO > > krbPrincipalName: <USERID>@CXN > > mail: <MAIL> > > homeDirectory: /home/<USERID> > > sn: BAR > > initials: cU > > loginShell: /bin/false > > objectClass: ipaobject > > objectClass: person > > objectClass: top > > objectClass: ipasshuser > > objectClass: inetorgperson > > objectClass: organizationalperson > > objectClass: krbticketpolicyaux > > objectClass: krbprincipalaux > > objectClass: inetuser > > objectClass: posixaccount > > objectClass: ipaSshGroupOfPubKeys > > objectClass: mepOriginEntry > > krbCanonicalName: <USERID>@CXN > > uid: <USERID> > > mepManagedEntry: cn=<USERID>,cn=groups,cn=accounts,dc=cxn > > krbPasswordExpiration: 20170615133527Z > > krbLastPwdChange: 20170615133527Z > > krbExtraData:: AAIfjUJZcm9vdC9hZG1pbkBDWE4A > > Can you check to see if the group entry exists, > cn=<USERID>,cn=groups,cn=accounts,dc=cxn via ldapsearch? > > rob >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org