Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-05 Thread Martin Kosek
On 09/04/2014 10:31 PM, Ron wrote: So I tried to delete an entry on IPA01 without success: [root@ipa01 ~]# ldapdelete -D uid=admin,cn=users,cn=accounts,dc=,dc=abc,dc=ca -W -x cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,cn=accounts,dc=,dc=abc,dc=ca Enter LDAP

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-05 Thread Rich Megginson
On 09/05/2014 12:44 AM, Martin Kosek wrote: On 09/04/2014 10:31 PM, Ron wrote: So I tried to delete an entry on IPA01 without success: [root@ipa01 ~]# ldapdelete -D uid=admin,cn=users,cn=accounts,dc=,dc=abc,dc=ca -W -x

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-05 Thread Ron
So, just for completeness in case someone else experiences the same issue, what I did in the end was install JXplorer and then use it to delete the problem entries. They appeared as (for example): nsuniqueid=4034e309-d63711e3-9b7eb928-a98b9061+uid=disk100,cn=users,cn=accounts,dc=xxx,dc=abc,dc=ca

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-04 Thread Martin Kosek
Ah, ok. As Rob advised, you will need to delete it via ldapdelete CLI or via any LDAP GUI application of choice. BTW, this is upstream ticket tracking better means to resolve replication conflicts: https://fedorahosted.org/freeipa/ticket/1025 Martin On 09/03/2014 10:44 PM, Ron wrote: By the

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-04 Thread Ron
So I tried to delete an entry on IPA01 without success: [root@ipa01 ~]# ldapdelete -D uid=admin,cn=users,cn=accounts,dc=,dc=abc,dc=ca -W -x cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,cn=accounts,dc=,dc=abc,dc=ca Enter LDAP Password: ldap_delete: Server is

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-04 Thread Rich Megginson
On 09/04/2014 02:31 PM, Ron wrote: So I tried to delete an entry on IPA01 without success: [root@ipa01 ~]# ldapdelete -D uid=admin,cn=users,cn=accounts,dc=,dc=abc,dc=ca -W -x cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,cn=accounts,dc=,dc=abc,dc=ca Enter LDAP

[Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Ron
user-find sees a user but user-del cannot remove it. What can I do? Thanks. Regards, Ron [root@ipa]# ipa user-find --login phys210e -- 1 user matched -- User login: phys210e First name: Testing Last name: Phys210 Home directory: /home2/phys210e Login shell:

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Martin Kosek
Can you check /var/log/dirsrv/slapd-YOUR-REALM/access, search for the DEL operation and see what was the error code that DS gave when it refused to delete the user? Martin On 09/03/2014 06:18 PM, Ron wrote: user-find sees a user but user-del cannot remove it. What can I do? Thanks. Regards,

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Rob Crittenden
Martin Kosek wrote: Can you check /var/log/dirsrv/slapd-YOUR-REALM/access, search for the DEL operation and see what was the error code that DS gave when it refused to delete the user? Were I to guess the issue is that this is a replication conflict entry. If you do: # ipa user-show --all

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Ron
Here is what is in the /var/log/dirsrv/slapd-YOUR-REALM/access... logfile: conn=17342 fd=86 slot=86 connection from 142.103.xxx.xx to 142.103.xxx.xx conn=17342 op=0 BIND dn= method=sasl version=3 mech=GSSAPI conn=17342 op=0 RESULT err=14 tag=97 nentries=0 etime=1, SASL bind in progress conn=17342

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Rob Crittenden
Ron wrote: And here is the result of the user-show command: [root@ipa slapd-pxxx-abc-CA]# ipa user-show --all --raw phys210e ipa: ERROR: phys210e: user not found Sorry, thinko on my part. Do ipa user-find --all --raw --login phys210e user-show is going to have the same issue as user-delete.

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Ron
[root@ipa]# ipa user-find --all --raw --login phys210e | grep dn: dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=,dc=abc,dc=ca On 09/03/2014 12:26 PM, Rob Crittenden wrote: Ron wrote: And here is the result of the user-show command: [root@ipa

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Ron
By the way, all three replica servers show the same: [root@ipa]# ipa user-find --all --raw --login phys210e | grep dn: dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=,dc=abc,dc=ca [root@ipa01]# ipa user-find --all --raw --login phys210e | grep dn:

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Rich Megginson
On 09/03/2014 02:44 PM, Ron wrote: By the way, all three replica servers show the same: [root@ipa]# ipa user-find --all --raw --login phys210e | grep dn: dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=,dc=abc,dc=ca [root@ipa01]# ipa user-find

Re: [Freeipa-users] ipa user-find finds user but ipa user-del fails

2014-09-03 Thread Ron
So in my case I would need to do the Renaming an Entry with a Multi-Valued Naming Attribute procedure on both IPA01 and IPA02? Would another way of doing this be to remove IPA01 (and later IPA02) as a replication-master and then re-add it? I ask this because I have about 70 of these entries. I