I get this: ----------------------------- $ ldapsearch -D cn=directory\ manager -W -b cn=accounts,dc=mydomain '(uid=user1*)' Enter LDAP Password: # extended LDIF # # LDAPv3 # base <cn=accounts,dc=mydomain> with scope subtree # filter: (uid=user1*) # requesting: ALL #
# search result search: 2 result: 0 Success # numResponses: 1 ----------------------------- On Thu, Oct 1, 2015 at 4:33 PM, Alexander Bokovoy <[email protected]> wrote: > On Thu, 01 Oct 2015, Fujisan wrote: > >> Hello, >> >> I want to add user 'user1' with the freeipa web UI. It is not present in >> the list of users in the web UI but when I click "add", it says 'user with >> name "user1" already exists'. >> >> ldapsearch shows 'user1' is there: >> --------------------------------------------------------------- >> $ ldapsearch -x -h ipasrv uid=user1 >> # extended LDIF >> # >> # LDAPv3 >> # base <dc=mydomain> (default) with scope subtree >> # filter: uid=user1 >> # requesting: ALL >> # >> >> # user1, users, compat, mydomain >> dn: uid=user1,cn=users,cn=compat,dc=mydomain >> objectClass: posixAccount >> objectClass: top >> cn: user one >> gidNumber: 1029 >> gecos: user one >> uidNumber: 1029 >> loginShell: /bin/bash >> homeDirectory: /home/user1 >> uid: user1 >> >> # search result >> search: 2 >> result: 0 Success >> >> # numResponses: 2 >> # numEntries: 1 >> --------------------------------------------------------------- >> >> and ldapdelete doesn't work: >> --------------------------------------------------------------- >> $ ldapdelete -x -h ipasrv 'uid=user1,cn=users,cn=compat,dc=mydomain' >> ldap_delete: No such object (32) >> matched DN: dc=mydomain >> --------------------------------------------------------------- >> >> How can I remove 'user1' completely? >> > Compat tree (cn=compat,dc=mydomain) is a read-only tree which is > generated based on the primary tree (in cn=accounts,dc=mydomain). > > If there is no entry in the primary tree, there wouldn't be any entry in > compat tree because it only adds (or removes) entries based on their > existence in the primary tree. > > What I see looks like a replication conflict that might have left an > entry named > uid=user1+nsuniqueid=<something>,cn=users,cn=accounts,dc=mydomain and > which caused creation of this compat tree entry. > > Can you show output of ldapsearch -D cn=directory\ manager -W -b > cn=accounts,dc=mydomain '(uid=user1*)' > ? > -- > / Alexander Bokovoy >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
