Martin Kosek wrote: > Can you check /var/log/dirsrv/slapd-YOUR-REALM/access, search for the DEL > operation and see what was the error code that DS gave when it refused to > delete the user?
Were I to guess the issue is that this is a replication conflict entry. If you do: # ipa user-show --all --raw phys210e |grep dn: It will likely begin with nsuniqueid=<hex>, ... The reason it can be found and not deleted is we create the dn to be removed, we don't search for it. So the user uid=phys210e,cn=users,... etc doesn't exist but the user nsuniqueid=<hex> ... does. You'll need to use ldapmodify or ldapdelete to remove the entry though I'd check your other masters to see what the state of the user is there. rob > > Martin > > On 09/03/2014 06:18 PM, Ron wrote: >> user-find sees a user but user-del cannot remove it. What can I do? >> Thanks. >> Regards, >> Ron >> >> [root@ipa]# ipa user-find --login phys210e >> -------------- >> 1 user matched >> -------------- >> User login: phys210e >> First name: Testing >> Last name: Phys210 >> Home directory: /home2/phys210e >> Login shell: /bin/bash >> Email address: phys2...@phas.ubc.ca >> UID: 15010 >> GID: 15010 >> Account disabled: False >> Password: True >> Kerberos keys available: False >> ---------------------------- >> Number of entries returned 1 >> ---------------------------- >> [root@ipa]# ipa user-del phys210e --continue >> --------------- >> Deleted user "" >> --------------- >> Failed to remove: phys210e >> >> >> [root@ipa]# cat /etc/redhat-release >> Red Hat Enterprise Linux Server release 6.5 (Santiago) >> >> [root@ipa]# rpm -qa|grep ipa; rpm -qa|grep 389 >> ipa-pki-ca-theme-9.0.3-7.el6.noarch >> ipa-admintools-3.0.0-37.el6.i686 >> ipa-pki-common-theme-9.0.3-7.el6.noarch >> libipa_hbac-1.9.2-129.el6_5.4.i686 >> ipa-server-selinux-3.0.0-37.el6.i686 >> python-iniparse-0.3.1-2.1.el6.noarch >> libipa_hbac-python-1.9.2-129.el6_5.4.i686 >> ipa-server-3.0.0-37.el6.i686 >> ipa-python-3.0.0-37.el6.i686 >> ipa-client-3.0.0-37.el6.i686 >> 389-ds-base-libs-1.2.11.15-33.el6_5.i686 >> 389-ds-base-1.2.11.15-33.el6_5.i686 > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project