Hi, According to the code [1], this error happens in the deref plugin when it performs an internal search but doesn't find any entry. I would try to enable the internal searches logging (follow this doc [2] and [3]) to identify the internal search and understand what is missing.
HTH, flo [1] https://github.com/389ds/389-ds-base/blob/cf4c82c21595aff31d58e7ed97ed9a1c5936d00f/ldap/servers/plugins/deref/deref.c#L608 [2] https://access.redhat.com/documentation/en-us/red_hat_directory_server/12/html-single/configuration_and_schema_reference/index#ref_nsslapd-accesslog-level_assembly_cn-config [3] https://access.redhat.com/documentation/en-us/red_hat_directory_server/12/html-single/configuration_and_schema_reference/index#ref_nsslapd-plugin-logging_assembly_cn-config On Wed, Oct 5, 2022 at 10:39 PM Ryan Slominski via FreeIPA-users < [email protected]> wrote: > Hi FreeIPA users, > I've got a username in the preserved list that is bugged. If you try > to search for the record on the web UI it throws an error, but still shows > a record in the result table. On the UI the error is in a dialog box that > reads: "Operations Error" with "Some operations failed.". In the > /var/log/dirsrv/slapd-REDACTED/errors file the error is: > > [05/Oct/2022:13:20:01.492580320 -0400] - WARN - deref-plugin - > deref_do_deref_attr - conn=3223751 op=105 - failed to retrieve the entry > [uid=redacted=users,cn=accounts,dc=acc,dc=redacted,dc=org], although the > entry exists > > Tried to manually restore and manually delete with no luck: > > ipa user-undel redacted > ipa: ERROR: redacted: user not found > > ipa user-del redacted > ipa: ERROR: redacted: user not found > > kadmin.local: delprinc redacted > Are you sure you want to delete the principal "redacted@REDACTED"? > (yes/no): yes > delete_principal: Kerberos database constraints violated while deleting > principal "redacted@REDACTED" > > > > ldapsearch -Y GSSAPI -LL -b "uid=redacted,cn=deleted > users,cn=accounts,cn=provisioning,dc=acc,dc=redacted,dc=org" > SASL/GSSAPI authentication started > SASL username: redacted@REDACTED > SASL SSF: 256 > SASL data security layer installed. > version: 1 > No such object (32) > Matched DN: cn=deleted > users,cn=accounts,cn=provisioning,dc=acc,dc=redacted,dc=org > # Note the above LDAP query finds other preserved users fine > > > The username is NOT bugged no the other replicas. However, > "ipa-replica-manage list" suggests sync is working fine. > > Similar, but I think different: > https://lists.fedoraproject.org/archives/list/[email protected]/thread/2WXQWI6KNAD4GEILHL4ZDXMUDOO34VQC/#2WXQWI6KNAD4GEILHL4ZDXMUDOO34VQC > > I'm using the Red Hat Identity Manager version 4.6.8-5.el7_9.9 flavor of > FreeIPA. > > Ideas? > > Thanks, > > Ryan > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
