On 06/25/2014 09:19 AM, Chase Khoury wrote:
rpm -qa|grep ipa
ipa-server-3.0.0-37.el6.x86_64

rpm -qa|grep 389
389-ds-base-1.2.11.15-29.el6.x86_64
389-ds-base-libs.1.2.11.15-29.el6.x86_64

=======================================
/var/log/dirsrv/slapd-DOMAIN/errors
=======================================
[23/Jun/214:11:34:27-0400] referint-plugin - _update_all_per_mod:
entry 
cn=667a2b330ee4c889c6dadcd66c086dc,ou=tenants,cn=openstack+nsuniqueid=6ff1b881-d48811e3-89c8890f-56b4c812,dc=example,dc=com:
deleting "member: uid=foo,cn=users,cn=accounts,dc=example,dc=com"
failed (16)
[23/Jun/2014:11:34:27-0400]referint-plugin - _update_all_per_mod:
entry 
cn=enabled_users,cn=openstack+nsuniqueid=6ff1b881-d48811e3-89c8890f-56b4c812,dc=example,dc=com:
deleting "member: uid=foo,cn=users,cn=accounts,dc=example,dc=com"
failed (16)
[23/Jun/2014:11:34:27-0400] referint-plugin - _update_all_per_mod:
entry cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com: deleting
"member:uid=foo,cn=users,cn=accounts,dc=example,dc=com" failed (16)
[23/Jun/2014:11:34:43-0400] ipalockout_preop - [file ipa_lockout.c,
line 722]: Failed to retrieve entry
"uid=rhospadmin,cn=users,cn=accounts,dc=example,dc=com": 32
[23/Jun/2014:11:34:43-0400]ipalockout_postop - [file ipa_lockout.c,
line 473]: Failed to retrieve entry
"uid=rhospadmin,cn=users,cn=accounts,dc=example,dc=com": 32
[23/Jun/2014:11:35:39-0400] referint-plugin - _update_all_per_mod:
entry 
cn=enabled_tenants,cn=openstack+nsuniqueid=6ff1b881-d48811e3-89c8890f-56b4c812,dc=example,dc=com:
deleting "member: uid=tenants,cn=users,cn=accounts,dc=example,dc=com"
failed (16)
[23/Jun/2014:11:35:39-0400] referint-plugin - _update_all_per_mod:
entry 
cn=enabled_tenants,cn=openstack+nsuniqueid=6ff1b881-d48811e3-89c8890f-56b4c812,dc=example,dc=com:
deleting "member:
uid=openstack,cn=users,cn=accounts,dc=example,dc=com" failed (16)
[23/Jun/2014:11:35:41-0400] ldbm_back_modify -Attempt to modify a
tombstone entry
nsuiqueid=d2138508-faeb11e3-89c8890f-56b4c812,cn=Manage
OpenStack,cn=privileges,cn=pbac,dc=example,dc=com
=======================================

Not sure what the problem is.  Please open a ticket.
https://fedorahosted.org/freeipa/newticket



On 6/24/14, Rich Megginson <rmegg...@redhat.com> wrote:
On 06/24/2014 09:46 AM, Chase Khoury wrote:
Hello,
   I am having issues with deleting an ipa user. When I do an 'ipa
user-del foo' there still remains reminisces of the user that are
causing issues.
I have a freeIPA server setup with 3 replica servers set up.
When I did an ipa user-del foo it did not fully delete the user.
if I do an ipa user-add foo after the delete I get an "ipa ERROR: user
with the name "foo" already exists"
If I do a ipa user-show foo I get "ipa ERROR: foo: user not found"
if I do an ipa user-find foo it returns an entry.
--------------
1 user matched
--------------
    User login: foo
    First name: foo
    Last name: bar
    Home directory: /home/foo
    login shell: /bin/bash
    Email address: f...@bar.com
    UID: 5021
    GID: 5021
    Account disabled: False
    Password: True
    Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------

If I do an ldapsearch for the user it still has a user entry.
When trying to do an ldapdelete I get the error "Server is unwilling
to perform (53)"

Does anyone know why this happened or how to clean up the server so I
can get it into a state when I can successful do an ipa-user-add foo?
What version of ipa are you using?  What version of 389?
rpm -qa|grep ipa
rpm -qa|grep 389

Can you provide excerpts from your 389 errors log
/var/log/dirsrv/slapd-DOMAIN/errors from around the time of the problems
mentioned above?



--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to