Re: [Freeipa-users] Deleting a duplicate user

2016-08-23 Thread Alexander Bokovoy

On Tue, 23 Aug 2016, Alexander Bokovoy wrote:

On Tue, 23 Aug 2016, Zak Wolfinger wrote:

We were in the final stages of migrating FreeIPA from 3.0 to 4.2.
During the migration, both the 3.0 replicas and the 4.2 replicas were
in the replica pool.  User account changes made to 3.0 would replicate
to 4.2 just fine, but changes wouldn’t replicate from 4.2 to 3.0.

Admins should have been aware of this and performing all changes to the
3.0 replicas.  However 2 accounts were created on the 4.2 replicas and
then also added to the 3.0 replicas.  This resulted in a replication
conflict and each user account has a duplicate with the same username
but different UIDs.

I want to delete the duplicates.  “ipa user-del” will not take the UID
as an identifier, only the username.  Using just the username fails
with an error due to the duplicate accounts.

The old 3.0 replicas have all been removed from the pool and
decommissioned.  It would be tons of work to bring them back into
production.

Any thoughts on how to fix this issue?

You can delete the wrong entry using ldapdelete.

Search for the records with 'ipa user-find' first:

[root ipa]# ipa user-find --all --raw --login myuser | grep dn:
dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=myuser,cn=users,cn=accounts,dc=,dc=exampe,dc=com

This gives you a DN of the conflict entry. Now you can delete it with
ldapdelete:

[root ipa]# ldapdelete -Y GSSPAI nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=myuser,cn=users,cn=accounts,dc=,dc=exampe,dc=com

s/GSSPAI/GSSAPI/, of course.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
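
The check described in this reply, as an added example that is not part of the original thread: it reads the `dn:` lines for one login, treats only DNs whose first RDN is `nsuniqueid=...+uid=<login>` as replication-conflict entries, and prints the matching `ldapdelete -Y GSSAPI` commands for review instead of running them. The function names, the sample DNs and the rule that exactly one regular entry must remain are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Emits delete commands for review;
# it never runs ldapdelete itself.

# Constructed sample of the "dn:" lines from `ipa user-find --all --raw`.
# The suffix dc=example,dc=com and the nsuniqueid value are placeholders.
SAMPLE_DNS='  dn: uid=myuser,cn=users,cn=accounts,dc=example,dc=com
  dn: nsuniqueid=00000000-11111111-22222222-33333333+uid=myuser,cn=users,cn=accounts,dc=example,dc=com'

# classify LOGIN: read "dn:" lines on stdin and print "regular <dn>" or
# "conflict <dn>" for entries whose first RDN names LOGIN.
classify() {
    awk -v login="$1" '
        BEGIN { login = tolower(login) }
        /^[ \t]*dn:/ {
            sub(/^[ \t]*dn:[ \t]*/, "")
            dn = tolower($0)
            if (index(dn, "uid=" login ",") == 1) {
                print "regular " $0
            } else if (match(dn, /^nsuniqueid=[^,+]*\+/) &&
                       index(substr(dn, RLENGTH + 1), "uid=" login ",") == 1) {
                print "conflict " $0
            }
        }'
}

# plan_delete LOGIN: print one ldapdelete command per conflict entry.
# Hypothetical safety rule: refuse unless exactly one regular entry remains.
plan_delete() {
    found=$(classify "$1")
    keep=$(printf '%s\n' "$found" | awk '$1 == "regular" { n++ } END { print n + 0 }')
    if [ "$keep" -ne 1 ]; then
        echo "refusing: $keep regular entries for $1, expected 1" >&2
        return 1
    fi
    printf '%s\n' "$found" |
        awk '$1 == "conflict" { sub(/^conflict /, ""); printf "ldapdelete -Y GSSAPI \"%s\"\n", $0 }'
}

printf '%s\n' "$SAMPLE_DNS" | plan_delete myuser
```

Feed it the real `ipa user-find --all --raw --login <login>` output on stdin and compare the printed DN against the conflict entry before running the command by hand.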

Re: [Freeipa-users] Deleting a duplicate user

2016-08-23 Thread Alexander Bokovoy

On Tue, 23 Aug 2016, Zak Wolfinger wrote:

We were in the final stages of migrating FreeIPA from 3.0 to 4.2.
During the migration, both the 3.0 replicas and the 4.2 replicas were
in the replica pool.  User account changes made to 3.0 would replicate
to 4.2 just fine, but changes wouldn’t replicate from 4.2 to 3.0.

Admins should have been aware of this and performing all changes to the
3.0 replicas.  However 2 accounts were created on the 4.2 replicas and
then also added to the 3.0 replicas.  This resulted in a replication
conflict and each user account has a duplicate with the same username
but different UIDs.

I want to delete the duplicates.  “ipa user-del” will not take the UID
as an identifier, only the username.  Using just the username fails
with an error due to the duplicate accounts.

The old 3.0 replicas have all been removed from the pool and
decommissioned.  It would be tons of work to bring them back into
production.

Any thoughts on how to fix this issue?

You can delete the wrong entry using ldapdelete.

Search for the records with 'ipa user-find' first:

[root ipa]# ipa user-find --all --raw --login myuser | grep dn:
dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=myuser,cn=users,cn=accounts,dc=,dc=exampe,dc=com

This gives you a DN of the conflict entry. Now you can delete it with
ldapdelete:

[root ipa]# ldapdelete -Y GSSAPI nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=myuser,cn=users,cn=accounts,dc=,dc=exampe,dc=com

--
/ Alexander Bokovoy


[Freeipa-users] Deleting a duplicate user

2016-08-23 Thread Zak Wolfinger

We were in the final stages of migrating FreeIPA from 3.0 to 4.2.  During the
migration, both the 3.0 replicas and the 4.2 replicas were in the replica pool.
User account changes made to 3.0 would replicate to 4.2 just fine, but changes
wouldn’t replicate from 4.2 to 3.0.

Admins should have been aware of this and performing all changes to the 3.0 
replicas.  However 2 accounts were created on the 4.2 replicas and then also 
added to the 3.0 replicas.  This resulted in a replication conflict and each 
user account has a duplicate with the same username but different UIDs.

I want to delete the duplicates.  “ipa user-del” will not take the UID as an 
identifier, only the username.  Using just the username fails with an error due 
to the duplicate accounts.

The old 3.0 replicas have all been removed from the pool and decommissioned.  
It would be tons of work to bring them back into production.

Any thoughts on how to fix this issue?

Cheers,
Zak Wolfinger

Infrastructure Engineer  |  Emma®
zak.wolfin...@myemma.com 
800.595.4401 or 615.292.5888 x197
615.292.0777 (fax)

Emma helps organizations everywhere communicate & market in style.
Visit us online at www.myemma.com 


