We have an entry, what after clicking delete on the UI got partially deleted. The compat tree entry is gone. The accounts tree entry is there. ldapsearch finds the entry by uid, but does fail by dn. ipa user-show <USERID> finds the user ipa user-del <USERID> says no such user ldapdelete fails to delete the entry by dn with err=32 Web ui shows user User content can be modified from ipa cli and web ui - like name, shell, but cannot be deleted Other entries can be created and deleted without issue. We have 4way master-master replication. Tried cli on 3 and got same result and issue. The third is not touched and the entry is available there both accounts and compat tree.
ipa-server-4.6.4-10.el7.centos.3.x86_64 CentOS Linux release 7.6.1810 (Core) On full broken master: # <USERID>, users, accounts, cxn dn: uid=<USERID>,cn=users,cn=accounts,dc=cxn gecos: FOO BAR displayName: FOO BAR krbLastAdminUnlock: 20190807124134Z krbLoginFailedCount: 0 memberOf: cn=ipausers,cn=groups,cn=accounts,dc=cxn memberOf: cn=somegroup1,cn=groups,cn=accounts,dc=cxn memberOf: cn=somegroupt2,cn=groups,cn=accounts,dc=cxn gidNumber: <GID> uidNumber: <UID> ipaUniqueID: <RANDOMUNIQUEID> cn: BAZ givenName: FOO krbPrincipalName: <USERID>@CXN mail: <MAIL> homeDirectory: /home/<USERID> sn: BAR initials: cU loginShell: /bin/false objectClass: ipaobject objectClass: person objectClass: top objectClass: ipasshuser objectClass: inetorgperson objectClass: organizationalperson objectClass: krbticketpolicyaux objectClass: krbprincipalaux objectClass: inetuser objectClass: posixaccount objectClass: ipaSshGroupOfPubKeys objectClass: mepOriginEntry krbCanonicalName: <USERID>@CXN uid: <USERID> mepManagedEntry: cn=<USERID>,cn=groups,cn=accounts,dc=cxn krbPasswordExpiration: 20170615133527Z krbLastPwdChange: 20170615133527Z krbExtraData:: AAIfjUJZcm9vdC9hZG1pbkBDWE4A On untouched master: # <USERID>, users, compat, cxn dn: uid=<USERID>,cn=users,cn=compat,dc=cxn objectClass: posixAccount objectClass: ipaOverrideTarget objectClass: top gecos: BAZ cn: BAZ uidNumber: <UID> gidNumber: <GID> loginShell: /bin/false homeDirectory: /home/<USERID> ipaAnchorUUID:: somerandomuuid uid: <USERID> # <USERID>, users, accounts, cxn dn: uid=<USERID>,cn=users,cn=accounts,dc=cxn gecos: FOO BAR displayName: FOO BAR krbLastAdminUnlock: 20190807124134Z memberOf: cn=ipausers,cn=groups,cn=accounts,dc=cxn memberOf: cn=group1,cn=groups,cn=accounts,dc=cxn memberOf: cn=group2,cn=groups,cn=accounts,dc=cxn gidNumber: <GID> krbExtraData:: AAIfjUJZcm9vdC9hZG1pbkBDWE4A krbLastPwdChange: 20170615133527Z krbPasswordExpiration: 20170615133527Z mepManagedEntry: cn=<USERID>,cn=groups,cn=accounts,dc=cxn uid: <USERID> krbCanonicalName: <USERID>@CXN objectClass: ipaobject objectClass: person objectClass: top objectClass: ipasshuser objectClass: inetorgperson objectClass: organizationalperson objectClass: krbticketpolicyaux objectClass: krbprincipalaux objectClass: inetuser objectClass: posixaccount objectClass: ipaSshGroupOfPubKeys objectClass: mepOriginEntry loginShell: /bin/false initials: cU sn: BAR homeDirectory: /home/<USERID> mail: <MAIL> krbPrincipalName: <USERID>@CXN givenName: FOO cn: BAZ ipaUniqueID: randomuniqueid uidNumber: <UID> -- *Sándor Juhász* System Administrator *ChemAxon* *Kft*. Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 Cell: +36704258964
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org