On 01/27/2017 12:51 PM, Harald Dunkel wrote:
Hi Thierry,
On 01/26/17 16:55, thierry bordaz wrote:
Those entries are managed entries and it is not possible to delete them from
direct ldap command.
A solution proposed by Ludwig is not first make them unmanaged:
cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
changetype: modify
modify: objectclass
delete: mepManagedEntry
cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
changetype: modify
modify: objectclass
delete: mepManagedEntry
Then retry to delete them.
It should work for the first one but unsure it will succeed for the second one.
I am not sure about this "managed" thing. This sounds like some
kind of external influence.
How can I make sure that removing these entries doesn't break
something? Is the original entry managed in the same way as
the duplicate?
Regards
Harri
Hello Harri,
sorry for this late answer.
I understand your concern and in fact it is difficult to anticipate a
potential bad impact of this cleanup. However,I think it is safe to get
rid of the following entry.
Before doing so you may check it exists
cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de that is managedBy the
ipaservers_hostgoups.
dn:
cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de
objectClass: mepManagedEntry
If you are willing to remove that entry you need to remove the mepmanagedEntry
oc. So you need to remove the mepManagedBy and oc in the same operation
Regarding the following entry
dn:
cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
objectClass: mepOriginEntry
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de
You may want to check if it exists an entry it manages, looking for
"(mepManagedBy=
cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
)". If it exists none, you should be able to remove it.
Also I think working on ipabak, you should be able to do some tests on the
cleanup instance to validate everything is working fine.
regards
thierry
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project