So I tried to delete an entry on IPA01 without success:

[root@ipa01 ~]# ldapdelete -D "uid=admin,cn=users,cn=accounts,dc=xxxx,dc=abc,dc=ca" -W -x "cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,cn=accounts,dc=xxxx,dc=abc,dc=ca"
Enter LDAP Password:
ldap_delete: Server is unwilling to perform (53)
    additional info: Deleting a managed entry is not allowed. It needs to be manually unlinked first

Same problem if I try to use ldapmodify:

[root@ipa01 ~]# ldapmodify -D "uid=admin,cn=users,cn=accounts,dc=xxxx,dc=abc,dc=ca" -W -x
Enter LDAP Password:
dn: cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,cn=accounts,dc=xxxx,dc=abc,dc=ca
changetype: modrdn
newrdn: uid=19000
deleteoldrdn: 0

modifying rdn of entry "cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,cn=accounts,dc=xxxx,dc=abc,dc=ca"
ldap_rename: Server is unwilling to perform (53)
    additional info: Renaming a managed entry is not allowed. It needs to be manually unlinked first.

(19000 is just an unused uid)

Would this be because of the private group associated with the user?

How do I unlink the entry?  Would I use the following?
ipa group-detach userxyz

Thanks again for all your help!
-Ron

On 09/04/2014 02:48 AM, Martin Kosek wrote:
> Ah, ok. As Rob advised, you will need to delete it via ldapdelete CLI or via
> any LDAP GUI application of choice.
>
> BTW, this is upstream ticket tracking better means to resolve replication
> conflicts:
> https://fedorahosted.org/freeipa/ticket/1025
>
> Martin
>
> On 09/03/2014 10:44 PM, Ron wrote:
>> By the way, all three replica servers show the same:
>>
>> [root@ipa]# ipa user-find --all --raw --login phys210e | grep dn:
>>   dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=xxxx,dc=abc,dc=ca
>>
>> [root@ipa01]# ipa user-find --all --raw --login phys210e | grep dn:
>>   dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=xxxx,dc=abc,dc=ca
>>
>> [root@ipa02]# ipa user-find --all --raw --login phys210e | grep dn:
>>   dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=xxxx,dc=abc,dc=ca

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
