On 08/01/2014 11:56 AM, Tomas Babej wrote:


On 08/01/2014 11:42 AM, barry...@gmail.com wrote:
Hi:

I follow command found from here and want to del priate group but fail any idea?
It said line 5 attribute error , any synta xwrong?

ldapsearch -LLL -Y GSSAPI cn=barry

 ldapmodify -Y GSSAPI <<EOF
dn: cn=barry,cn=groups,cn=accounts,dc=abc,dc=com
changetype: modify
delete: objectclass
objectclass: mepManagedEntry
delete: mepManagedBy
dn: cn=barry,cn=groups,cn=accounts,dc=abcdc=com
changetype: delete
EOF




You need to first delete the mepManagedBy attribute, since it is allowed by the mepManagedEntry objectclass, and then removing the objectclass itself.
you should be able to do this in one modify operation, if the attribute is a required attribute you even have to do it in one mod. Schema checking is done after all the mods of an operations are applied. In the original mod I think the separator of sub operations is missing, it should be:

dn: cn=barry,cn=groups,cn=accounts,dc=abc,dc=com
changetype: modify
delete: objectclass
objectclass: mepManagedEntry
-
delete: mepManagedBy



Performing the operations in reverse order leaves you with mepManagedBy in the entry, which is not allowed by any objectclass.

#!RESULT OK
#!DATE 2014-08-01T09:53:38.820
dn: cn=random,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
changetype: modify
delete: mepManagedBy
-

#!RESULT OK
#!DATE 2014-08-01T09:53:45.511
dn: cn=random,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
changetype: modify
delete: objectClass
objectClass: mepManagedEntry
-


--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org



-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to