On 08/01/2014 11:42 AM, barry...@gmail.com wrote:
> Hi:
>
> I follow command found from here and want to del priate group but fail
> any idea?
> It said line 5 attribute error , any synta xwrong?
>
> ldapsearch -LLL -Y GSSAPI cn=barry
>
>  ldapmodify -Y GSSAPI <<EOF
> dn: cn=barry,cn=groups,cn=accounts,dc=abc,dc=com
> changetype: modify
> delete: objectclass
> objectclass: mepManagedEntry
> delete: mepManagedBy
> dn: cn=barry,cn=groups,cn=accounts,dc=abcdc=com
> changetype: delete
> EOF
>
>
>

You need to first delete the mepManagedBy attribute, since it is allowed
by the mepManagedEntry objectclass, and then removing the objectclass
itself.

Performing the operations in reverse order leaves you with mepManagedBy
in the entry, which is not allowed by any objectclass.

#!RESULT OK
#!DATE 2014-08-01T09:53:38.820
dn:
cn=random,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
changetype: modify
delete: mepManagedBy
-

#!RESULT OK
#!DATE 2014-08-01T09:53:45.511
dn:
cn=random,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
changetype: modify
delete: objectClass
objectClass: mepManagedEntry
-


-- 
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to