Ron wrote: > And here is the result of the user-show command: > [root@ipa slapd-pxxx-abc-CA]# ipa user-show --all --raw phys210e > ipa: ERROR: phys210e: user not found
Sorry, thinko on my part. Do ipa user-find --all --raw --login phys210e user-show is going to have the same issue as user-delete. rob > > > > On 09/03/2014 10:43 AM, Rob Crittenden wrote: >> Martin Kosek wrote: >>> Can you check /var/log/dirsrv/slapd-YOUR-REALM/access, search for the DEL >>> operation and see what was the error code that DS gave when it refused to >>> delete the user? >> Were I to guess the issue is that this is a replication conflict entry. >> If you do: >> >> # ipa user-show --all --raw phys210e |grep dn: >> >> It will likely begin with nsuniqueid=<hex>, ... >> >> The reason it can be found and not deleted is we create the dn to be >> removed, we don't search for it. So the user uid=phys210e,cn=users,... >> etc doesn't exist but the user nsuniqueid=<hex> ... does. >> >> You'll need to use ldapmodify or ldapdelete to remove the entry though >> I'd check your other masters to see what the state of the user is there. >> >> rob >> >>> Martin >>> >>> On 09/03/2014 06:18 PM, Ron wrote: >>>> user-find sees a user but user-del cannot remove it. What can I do? >>>> Thanks. >>>> Regards, >>>> Ron >>>> >>>> [root@ipa]# ipa user-find --login phys210e >>>> -------------- >>>> 1 user matched >>>> -------------- >>>> User login: phys210e >>>> First name: Testing >>>> Last name: Phys210 >>>> Home directory: /home2/phys210e >>>> Login shell: /bin/bash >>>> Email address: [email protected] >>>> UID: 15010 >>>> GID: 15010 >>>> Account disabled: False >>>> Password: True >>>> Kerberos keys available: False >>>> ---------------------------- >>>> Number of entries returned 1 >>>> ---------------------------- >>>> [root@ipa]# ipa user-del phys210e --continue >>>> --------------- >>>> Deleted user "" >>>> --------------- >>>> Failed to remove: phys210e >>>> >>>> >>>> [root@ipa]# cat /etc/redhat-release >>>> Red Hat Enterprise Linux Server release 6.5 (Santiago) >>>> >>>> [root@ipa]# rpm -qa|grep ipa; rpm -qa|grep 389 >>>> ipa-pki-ca-theme-9.0.3-7.el6.noarch >>>> ipa-admintools-3.0.0-37.el6.i686 >>>> ipa-pki-common-theme-9.0.3-7.el6.noarch >>>> libipa_hbac-1.9.2-129.el6_5.4.i686 >>>> ipa-server-selinux-3.0.0-37.el6.i686 >>>> python-iniparse-0.3.1-2.1.el6.noarch >>>> libipa_hbac-python-1.9.2-129.el6_5.4.i686 >>>> ipa-server-3.0.0-37.el6.i686 >>>> ipa-python-3.0.0-37.el6.i686 >>>> ipa-client-3.0.0-37.el6.i686 >>>> 389-ds-base-libs-1.2.11.15-33.el6_5.i686 >>>> 389-ds-base-1.2.11.15-33.el6_5.i686 > > > -- > Ron Parachoniak > Systems Manager, Department of Physics & Astronomy > University of British Columbia, Vancouver, B.C. V6T 1Z1 > Phone: (604) 838-6437 > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
