Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-05 Thread Ron
So, just for completeness in case someone else experiences the same issue, what I did in the end was install JXplorer and then use it to delete the problem entries. They appeared as (for example): nsuniqueid=4034e309-d63711e3-9b7eb928-a98b9061+uid=disk100,cn=users,cn=accounts,dc=xxx,dc=abc,dc=ca

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-05 Thread Rich Megginson
On 09/05/2014 12:44 AM, Martin Kosek wrote: On 09/04/2014 10:31 PM, Ron wrote: So I tried to delete an entry on IPA01 without success: [root@ipa01 ~]# ldapdelete -D "uid=admin,cn=users,cn=accounts,dc=,dc=abc,dc=ca" -W -x "cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,c

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-04 Thread Martin Kosek
On 09/04/2014 10:31 PM, Ron wrote: > So I tried to delete an entry on IPA01 without success: > > [root@ipa01 ~]# ldapdelete -D > "uid=admin,cn=users,cn=accounts,dc=,dc=abc,dc=ca" -W -x > "cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,cn=accounts,dc=,dc=abc,dc=ca" > En

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-04 Thread Rich Megginson
On 09/04/2014 02:31 PM, Ron wrote: So I tried to delete an entry on IPA01 without success: [root@ipa01 ~]# ldapdelete -D "uid=admin,cn=users,cn=accounts,dc=,dc=abc,dc=ca" -W -x "cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,cn=accounts,dc=,dc=abc,dc=ca" Enter LDAP P

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-04 Thread Ron
So I tried to delete an entry on IPA01 without success: [root@ipa01 ~]# ldapdelete -D "uid=admin,cn=users,cn=accounts,dc=,dc=abc,dc=ca" -W -x "cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,cn=accounts,dc=,dc=abc,dc=ca" Enter LDAP Password: ldap_delete: Server is unwil

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-04 Thread Martin Kosek
Ah, ok. As Rob advised, you will need to delete it via ldapdelete CLI or via any LDAP GUI application of choice. BTW, this is upstream ticket tracking better means to resolve replication conflicts: https://fedorahosted.org/freeipa/ticket/1025 Martin On 09/03/2014 10:44 PM, Ron wrote: > By the wa

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Rich Megginson
On 09/03/2014 05:50 PM, Ron wrote: So in my case I would need to do the "Renaming an Entry with a Multi-Valued Naming Attribute" procedure on both IPA01 and IPA02? Yes. Would another way of doing this be to remove IPA01 (and later IPA02) as a replication-master and then re-add it? How woul

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Ron
So in my case I would need to do the "Renaming an Entry with a Multi-Valued Naming Attribute" procedure on both IPA01 and IPA02? Would another way of doing this be to remove IPA01 (and later IPA02) as a replication-master and then re-add it? I ask this because I have about 70 of these entries. I

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Rich Megginson
On 09/03/2014 02:44 PM, Ron wrote: By the way, all three replica servers show the same: [root@ipa]# ipa user-find --all --raw --login phys210e | grep dn: dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=,dc=abc,dc=ca [root@ipa01]# ipa user-find --al

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Ron
By the way, all three replica servers show the same: [root@ipa]# ipa user-find --all --raw --login phys210e | grep dn: dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=,dc=abc,dc=ca [root@ipa01]# ipa user-find --all --raw --login phys210e | grep dn:

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Ron
[root@ipa]# ipa user-find --all --raw --login phys210e | grep dn: dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=,dc=abc,dc=ca On 09/03/2014 12:26 PM, Rob Crittenden wrote: > Ron wrote: >> And here is the result of the user-show command: >> [root@ipa

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Rob Crittenden
Ron wrote: > And here is the result of the user-show command: > [root@ipa slapd-pxxx-abc-CA]# ipa user-show --all --raw phys210e > ipa: ERROR: phys210e: user not found Sorry, thinko on my part. Do ipa user-find --all --raw --login phys210e user-show is going to have the same issue as user-delete.

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Ron
Here is what is in the /var/log/dirsrv/slapd-YOUR-REALM/access... logfile: conn=17342 fd=86 slot=86 connection from 142.103.xxx.xx to 142.103.xxx.xx conn=17342 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI conn=17342 op=0 RESULT err=14 tag=97 nentries=0 etime=1, SASL bind in progress conn=1734

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Rob Crittenden
Martin Kosek wrote: > Can you check /var/log/dirsrv/slapd-YOUR-REALM/access, search for the DEL > operation and see what was the error code that DS gave when it refused to > delete the user? Were I to guess the issue is that this is a replication conflict entry. If you do: # ipa user-show --all -

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Martin Kosek
Can you check /var/log/dirsrv/slapd-YOUR-REALM/access, search for the DEL operation and see what was the error code that DS gave when it refused to delete the user? Martin On 09/03/2014 06:18 PM, Ron wrote: > user-find sees a user but user-del cannot remove it. What can I do? > Thanks. > Regards

[Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Ron
user-find sees a user but user-del cannot remove it. What can I do? Thanks. Regards, Ron [root@ipa]# ipa user-find --login phys210e -- 1 user matched -- User login: phys210e First name: Testing Last name: Phys210 Home directory: /home2/phys210e Login shell: /bin/

Re: [Freeipa-users] ipa user-find

2012-10-26 Thread Rich Megginson
, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Friday, 26 October 2012 3:22 p.m. To: Steven Jones Subject: Re: [Freeipa-users] ipa user-find On 10/25/2012 07:30 PM, Steven Jones wrote: 4 Both idlistscanlimit and

Re: [Freeipa-users] ipa user-find

2012-10-25 Thread Rich Megginson
ity, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Friday, 26 October 2012 9:44 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] ipa user-find On 10/25/2012 02:37 PM, Steven Jones wro

Re: [Freeipa-users] ipa user-find

2012-10-25 Thread Steven Jones
] Sent: Friday, 26 October 2012 9:44 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] ipa user-find On 10/25/2012 02:37 PM, Steven Jones wrote: > Hi, > > I've tried, > > dn: cn=default instance config,cn=config,cn=plugins > > and, > > dn: cn

Re: [Freeipa-users] ipa user-find

2012-10-25 Thread Steven Jones
8><- > >> and how do I get the web ui to return all users so I can see if the >> winsync is working , its a test bed so I need to do a side by side >> comparison > > You'll need to modify the size limit in the IPA configuration screen. > IPA Server -> Configuration -> Search size limit

Re: [Freeipa-users] ipa user-find

2012-10-25 Thread Rich Megginson
Victoria University, Wellington, NZ 0064 4 463 6272 From: Rob Crittenden [rcrit...@redhat.com] Sent: Thursday, 25 October 2012 4:16 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] ipa user-find Steven Jones wrote: Hi, How do I

Re: [Freeipa-users] ipa user-find

2012-10-25 Thread Steven Jones
From: Rob Crittenden [rcrit...@redhat.com] Sent: Thursday, 25 October 2012 4:16 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] ipa user-find Steven Jones wrote: > Hi, > > How do I bind as the directory manager? I've tried and I ca

Re: [Freeipa-users] ipa user-find

2012-10-25 Thread Dmitri Pal
Jones > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] ipa user-find > > Steven Jones wrote: >> When doing the above it only returns 2000, I have 6000 >> >> How to get it to return 6000+? > There are two size limits. One is a global limit in 389-ds-base,

Re: [Freeipa-users] ipa user-find

2012-10-25 Thread Petr Spacek
On 10/25/2012 03:23 PM, Rob Crittenden wrote: Rich Megginson wrote: On 10/24/2012 09:16 PM, Rob Crittenden wrote: Steven Jones wrote: Hi, How do I bind as the directory manager? I've tried and I can't figure out how. Assuming you're running on the same host as IPA: $ ldapmodify -x -D 'cn=di

Re: [Freeipa-users] ipa user-find

2012-10-25 Thread Rob Crittenden
Rich Megginson wrote: On 10/24/2012 09:16 PM, Rob Crittenden wrote: Steven Jones wrote: Hi, How do I bind as the directory manager? I've tried and I can't figure out how. Assuming you're running on the same host as IPA: $ ldapmodify -x -D 'cn=directory manager' -W dn: cn=default instance con

Re: [Freeipa-users] ipa user-find

2012-10-25 Thread Rich Megginson
HCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rob Crittenden [rcrit...@redhat.com] Sent: Thursday, 25 October 2012 3:40 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] ipa user-find Steven Jones wrote: When

Re: [Freeipa-users] ipa user-find

2012-10-24 Thread Rob Crittenden
@redhat.com] Sent: Thursday, 25 October 2012 3:40 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] ipa user-find Steven Jones wrote: When doing the above it only returns 2000, I have 6000 How to get it to return 6000+? There are two size limits. One is a globa

Re: [Freeipa-users] ipa user-find

2012-10-24 Thread Steven Jones
Victoria University, Wellington, NZ 0064 4 463 6272 From: Rob Crittenden [rcrit...@redhat.com] Sent: Thursday, 25 October 2012 3:40 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] ipa user-find Steven Jones wrote: > When do

Re: [Freeipa-users] ipa user-find

2012-10-24 Thread Rob Crittenden
Steven Jones wrote: When doing the above it only returns 2000, I have 6000 How to get it to return 6000+? There are two size limits. One is a global limit in 389-ds-base, nsslapd-sizelimit which defaults to 2000. IPA has its own search limit which you can also set globally, or override it

[Freeipa-users] ipa user-find

2012-10-24 Thread Steven Jones
When doing the above it only returns 2000, I have 6000 How to get it to return 6000+? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272

Re: [Freeipa-users] ipa {user-find} ca cert file

2012-09-19 Thread James James
OK Thanks a lot for the solution and for the advice. 2012/9/19 Rob Crittenden > James James wrote: > >> Hi, >> >> I have followed this >> http://freeipa.org/page/Certificate_Authority#Using_Certificates_From_a_Different_CA

Re: [Freeipa-users] ipa {user-find} ca cert file

2012-09-19 Thread Rob Crittenden
James James wrote: Hi, I have followed this http://freeipa.org/page/Certificate_Authority#Using_Certificates_From_a_Different_CA and everything works well. Now when, from the console, I execute $ ipa user-find I've got [root@ipa ipa]# ipa user-find ipa: ERROR: cert validation failed for "E=c

[Freeipa-users] ipa {user-find} ca cert file

2012-09-19 Thread James James
Hi, I have followed this http://freeipa.org/page/Certificate_Authority#Using_Certificates_From_a_Different_CA and everything works well. Now when, from the console, I execute $ ipa user-find I've got [root@ipa ipa]# ipa user-find ipa: ERROR: cert validation failed for "E=certus...@example.com,C