On 09/04/2014 10:31 PM, Ron wrote:
So I tried to delete an entry on IPA01 without success:
[root@ipa01 ~]# ldapdelete -D
uid=admin,cn=users,cn=accounts,dc=,dc=abc,dc=ca -W -x
cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,cn=accounts,dc=,dc=abc,dc=ca
Enter LDAP
On 09/05/2014 12:44 AM, Martin Kosek wrote:
On 09/04/2014 10:31 PM, Ron wrote:
So I tried to delete an entry on IPA01 without success:
[root@ipa01 ~]# ldapdelete -D
uid=admin,cn=users,cn=accounts,dc=,dc=abc,dc=ca -W -x
So, just for completeness in case someone else experiences the same
issue, what I did in the end was install JXplorer and then use it to
delete the problem entries. They appeared as (for example):
nsuniqueid=4034e309-d63711e3-9b7eb928-a98b9061+uid=disk100,cn=users,cn=accounts,dc=xxx,dc=abc,dc=ca
Ah, ok. As Rob advised, you will need to delete it via ldapdelete CLI or via
any LDAP GUI application of choice.
BTW, this is upstream ticket tracking better means to resolve replication
conflicts:
https://fedorahosted.org/freeipa/ticket/1025
Martin
On 09/03/2014 10:44 PM, Ron wrote:
By the
So I tried to delete an entry on IPA01 without success:
[root@ipa01 ~]# ldapdelete -D
uid=admin,cn=users,cn=accounts,dc=,dc=abc,dc=ca -W -x
cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,cn=accounts,dc=,dc=abc,dc=ca
Enter LDAP Password:
ldap_delete: Server is
On 09/04/2014 02:31 PM, Ron wrote:
So I tried to delete an entry on IPA01 without success:
[root@ipa01 ~]# ldapdelete -D
uid=admin,cn=users,cn=accounts,dc=,dc=abc,dc=ca -W -x
cn=userxyz+nsuniqueid=62c9c682-32ce11e4-8c13b928-a98b9061,cn=groups,cn=accounts,dc=,dc=abc,dc=ca
Enter LDAP
user-find sees a user but user-del cannot remove it. What can I do?
Thanks.
Regards,
Ron
[root@ipa]# ipa user-find --login phys210e
--
1 user matched
--
User login: phys210e
First name: Testing
Last name: Phys210
Home directory: /home2/phys210e
Login shell:
Can you check /var/log/dirsrv/slapd-YOUR-REALM/access, search for the DEL
operation and see what was the error code that DS gave when it refused to
delete the user?
Martin
On 09/03/2014 06:18 PM, Ron wrote:
user-find sees a user but user-del cannot remove it. What can I do?
Thanks.
Regards,
Martin Kosek wrote:
Can you check /var/log/dirsrv/slapd-YOUR-REALM/access, search for the DEL
operation and see what was the error code that DS gave when it refused to
delete the user?
Were I to guess the issue is that this is a replication conflict entry.
If you do:
# ipa user-show --all
Here is what is in the /var/log/dirsrv/slapd-YOUR-REALM/access... logfile:
conn=17342 fd=86 slot=86 connection from 142.103.xxx.xx to 142.103.xxx.xx
conn=17342 op=0 BIND dn= method=sasl version=3 mech=GSSAPI
conn=17342 op=0 RESULT err=14 tag=97 nentries=0 etime=1, SASL bind in
progress
conn=17342
Ron wrote:
And here is the result of the user-show command:
[root@ipa slapd-pxxx-abc-CA]# ipa user-show --all --raw phys210e
ipa: ERROR: phys210e: user not found
Sorry, thinko on my part. Do ipa user-find --all --raw --login phys210e
user-show is going to have the same issue as user-delete.
[root@ipa]# ipa user-find --all --raw --login phys210e | grep dn:
dn:
nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=,dc=abc,dc=ca
On 09/03/2014 12:26 PM, Rob Crittenden wrote:
Ron wrote:
And here is the result of the user-show command:
[root@ipa
By the way, all three replica servers show the same:
[root@ipa]# ipa user-find --all --raw --login phys210e | grep dn:
dn:
nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=,dc=abc,dc=ca
[root@ipa01]# ipa user-find --all --raw --login phys210e | grep dn:
On 09/03/2014 02:44 PM, Ron wrote:
By the way, all three replica servers show the same:
[root@ipa]# ipa user-find --all --raw --login phys210e | grep dn:
dn:
nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=,dc=abc,dc=ca
[root@ipa01]# ipa user-find
So in my case I would need to do the Renaming an Entry with a
Multi-Valued Naming Attribute procedure on both IPA01 and IPA02?
Would another way of doing this be to remove IPA01 (and later IPA02) as
a replication-master and then re-add it? I ask this because I have
about 70 of these entries. I
15 matches
Mail list logo