We found that we have a cert profile that was deleted in the ui and then we attempted to re-create it, but it will not.
ipa: ERROR: Request failed with status 409: Non-2xx response from CA REST API: 409. Unable to create profile: Profile already exists The profile does not show in the UI or via the CLI $ ipa certprofile-find controlServersKubeAPIClustertest1 <blank> $ ipa certprofile-show controlServersKubeAPIClustertest1 <blank> But when checking ldap itself we can see it. $ ldapsearch -LLL -o ldif-wrap=no -w $pass -D 'cn=Directory Manager' -b 'o=ipaca' | grep controlServersKubeAPIClustertest1 dn: cn=controlServersKubeAPIClustertest1,ou=certificateProfiles,ou=ca,o=ipaca cn: controlServersKubeAPIClustertest1 extdata-profileid: controlServersKubeAPIClustertest1 metaInfo: profileId:controlServersKubeAPIClustertest1 extdata-profileid: controlServersKubeAPIClustertest1 metaInfo: profileId:controlServersKubeAPIClustertest1 extdata-profileid: controlServersKubeAPIClustertest1 metaInfo: profileId:controlServersKubeAPIClustertest1 extdata-profileid: controlServersKubeAPIClustertest1 metaInfo: profileId:controlServersKubeAPIClustertest1 extdata-profileid: controlServersKubeAPIClustertest1 metaInfo: profileId:controlServersKubeAPIClustertest1 Apart from doing an ldapdelete on that dn: , is there a better way to clean up that "ghost" cert profile? (and the corresponding certs?) thanks, Nick _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue