On Thu, 01 Oct 2015, Fujisan wrote:

I want to add user 'user1' with the FreeIPA web UI. It is not present in
the list of users in the web UI but when I click "add", it says 'user with
name "user1" already exists'.

ldapsearch shows 'user1' is there:
$ ldapsearch -x -h ipasrv uid=user1
# extended LDIF
# LDAPv3
# base <dc=mydomain> (default) with scope subtree
# filter: uid=user1
# requesting: ALL

# user1, users, compat, mydomain
dn: uid=user1,cn=users,cn=compat,dc=mydomain
objectClass: posixAccount
objectClass: top
cn: user one
gidNumber: 1029
gecos: user one
uidNumber: 1029
loginShell: /bin/bash
homeDirectory: /home/user1
uid: user1

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

and ldapdelete doesn't work:
$ ldapdelete -x -h ipasrv 'uid=user1,cn=users,cn=compat,dc=mydomain'
ldap_delete: No such object (32)
   matched DN: dc=mydomain

How can I remove 'user1' completely?

Compat tree (cn=compat,dc=mydomain) is a read-only tree which is
generated based on the primary tree (in cn=accounts,dc=mydomain).

If there is no entry in the primary tree, there wouldn't be any entry in
compat tree because it only adds (or removes) entries based on their
existence in the primary tree.

What I see looks like a replication conflict that might have left an
entry named
uid=user1+nsuniqueid=<something>,cn=users,cn=accounts,dc=mydomain and
which caused creation of this compat tree entry.

Can you show the output of
ldapsearch -D cn=directory\ manager -W -b cn=accounts,dc=mydomain '(uid=user1*)' ?

/ Alexander Bokovoy
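
Added example, not part of the original message and not FreeIPA code: a small Python filter that reads ldapsearch LDIF output from the primary tree and reports entries whose leading RDN carries the +nsuniqueid= component described above. The sample LDIF, the nsuniqueid values, the extra users and all function names are constructed for illustration.

```python
import base64
import re

def unfold(ldif_text):
    """Join LDIF continuation lines (each starts with a single space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def entry_dns(ldif_text):
    """Return every entry DN; 'dn::' values are base64-encoded UTF-8."""
    dns = []
    for line in unfold(ldif_text):
        if line.startswith("dn:: "):
            dns.append(base64.b64decode(line[5:]).decode("utf-8"))
        elif line.startswith("dn: "):
            dns.append(line[4:])
    return dns

def is_conflict_dn(dn):
    """True if the leading RDN is multi-valued and includes nsuniqueid=..."""
    first_rdn = re.match(r"(?:\\.|[^,\\])*", dn).group(0)  # up to first unescaped comma
    parts = re.split(r"(?<!\\)\+", first_rdn)
    return len(parts) > 1 and any(
        p.strip().lower().startswith("nsuniqueid=") for p in parts)

def conflict_dns(ldif_text):
    return [dn for dn in entry_dns(ldif_text) if is_conflict_dn(dn)]

# Constructed sample: nsuniqueid values and the extra users are made up.
B64_DN = ("uid=user1\u00e9+nsuniqueid=4e5f6a7b-11111111-22222222-33333333,"
          "cn=users,cn=accounts,dc=mydomain")
SAMPLE_LDIF = (
    "# extended LDIF\n"
    "dn: uid=user1+nsuniqueid=0a1b2c3d-11111111-22222222-33333333,cn=users,cn=acco\n"
    " unts,dc=mydomain\n"
    "uid: user1\n"
    "\n"
    "dn: uid=user10,cn=users,cn=accounts,dc=mydomain\n"
    "uid: user10\n"
    "\n"
    "dn:: " + base64.b64encode(B64_DN.encode("utf-8")).decode("ascii") + "\n"
)

if __name__ == "__main__":
    for dn in conflict_dns(SAMPLE_LDIF):
        print("conflict entry:", dn)
```

The folded first DN and the base64 `dn::` entry are the two cases a plain grep for nsuniqueid over ldapsearch output can miss.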
