My main ipa server used to be an NIS server. After migrating everything
into ipa, there is no need for the users and groups to exist in /etc/passwd
and /etc/group. Leaving them around would cause duplicate entries,
passwords falling out of sync and other issues on the server. So the right
approach is to delete all the local users and groups, and let ipa handle
everything. I was able to delete all the local users from /etc/passwd.
However, groupdel won't let me delete the local groups. It complains that
xyz user's primary group is abc and hence you can't delete it.  The user
itself is not a part of /etc/passwd anymore. This is a bug as far as I can
tell. groupdel should check these constraints only for local users and
local groups. It shouldn't mix ipa users and ipa groups with them.

Environment: RHEL 7.2, idm 4.x
Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to