On Jun 16, 2015, at 01:56, thierry bordaz <tbor...@redhat.com> wrote: > >> On 06/16/2015 09:02 AM, Ludwig Krispenz wrote: >> >>> On 06/16/2015 05:07 AM, Janelle wrote: >>>> On 6/15/15 1:12 PM, Rob Crittenden wrote: >>>> Janelle wrote: >>>>>> On 6/15/15 6:36 AM, Rob Crittenden wrote: >>>>>> >>>>>> Usually means there is a replication conflict entry. You may be able >>>>>> to get more details on what failed by looking at the LDAP access log >>>>>> of both LDAP servers, though I guess I'd expect this happened locally >>>>>> on the IPA box. >>> >>> Hi again, >>> >>> I have been trying to follow this procedure for replication conflicts >>> regarding "nsds5ReplConflict", where I had the two account duplicates, but >>> no matter what, I still get: >>> >>> modifying rdn of entry >>> "nsuniqueid=ffc68a41-86e71c6-71714816-fcf248a0+uid=janelle,cn=users,cn=accounts,dc=example,dc=com" >>> ldap_rename: Constraint violation >>> additional info: Another entry with the same attribute value already >>> exists (attribute: "uid") >>> >>> When I am trying to run the modrdn (ldapmodify) command? Which simply >>> refuses to work. I have been at it for over a week now with no luck. I >>> think this is the last of my issues causing my replication problems. What >>> caused this is that I do have multiple helpdesk personnel that had been >>> updating user accounts. This process has been resolved, but we can't seem >>> to remove the last few duplicates. >>> >>> Any suggestions? Is there a missing step in conflict resolution perhaps? >> these entries are already a result of conflict resolution, If you add the >> same entry simultaneously on two servers (meaning add it on A and add it on >> B (before B has received the replicated add from A), there exist two entries >> with the same dn, which is not possible. So conflict resolution does not >> arbitrarily throw one away, but renames it and leaves it to the admin, which >> on to keep. So you should have one entry >> uid=janelle,... and one nsuniqueid=nnnn+uid=janelle,.... > > The error you get is coming from 'uid uniqueness'. Like ludwig mention, it > exists duplicated entries with both of them 'uid=janelle'. > 'uid uniqueness' plugin prevents you to do a direct MODRDN on one of them > because, it finds duplicated 'uid=janelle'. >> you can delete the nsuniqeid=nnnn entry to get rid of it. > +1 > > thierry >> >> There is a request to hide these nsuniqueid+uid entries from regular >> searches, it will be in a next release of 389 >> >> Ludwig >>> >>> ~J > > -- But everything I try to delete fails. Is there a procedure in 389-DS I can read for this? Maybe I am missing an option in ldapmodify? I am happy to delete, if only it would let me.
~J -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project