Re: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4, ) [Internal Error (System error)]

Mon, 30 Jan 2017 00:17:29 -0800 


On 01/27/2017 12:51 PM, Harald Dunkel wrote:

Hi Thierry,

On 01/26/17 16:55, thierry bordaz wrote:


Those entries are managed entries and it is not possible to delete them from 
direct ldap command.
A solution proposed by Ludwig is not first make them unmanaged:

cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
changetype: modify
modify: objectclass
delete: mepManagedEntry

cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
changetype: modify
modify: objectclass
delete: mepManagedEntry

Then retry to delete them.
It should work for the first one but unsure it will succeed for the second one.


I am not sure about this "managed" thing. This sounds like some
kind of external influence.

How can I make sure that removing these entries doesn't break
something? Is the original entry managed in the same way as
the duplicate?


Regards
Harri


Hello Harri,

sorry for this late answer.


I understand your concern and in fact it is difficult to anticipate a  
potential bad impact of this cleanup. However,I think it is safe to get 
rid of the following entry.

Before doing so you may check it exists

cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de that is managedBy the 
ipaservers_hostgoups.

dn: 
cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de
objectClass: mepManagedEntry


If you are willing to remove that entry you need to remove the mepmanagedEntry 
oc. So you need to remove the mepManagedBy and oc in the same operation


Regarding the following entry
 dn: 
cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
objectClass: mepOriginEntry
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de

You may want to check if it exists an entry it manages, looking for 
"(mepManagedBy=
cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
)". If it exists none, you should be able to remove it.

Also I think working on ipabak, you should be able to do some tests on the 
cleanup instance to validate everything is working fine.

regards
thierry

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
























					Reply via email to