[Freeipa-devel] IPA 3.0 migrated to 4.1 users break winsync agreement when deleted in active directory
Martin Basti
mbasti at redhat.com
Wed Sep 9 09:39:51 UTC 2015
On 09/09/2015 10:50 AM, Andreas Calminder wrote:
> Forgot to write that deleting users in active directory not migrated
> with the migrate-ds command works fine, it's only migrated users
> present in the ad that breaks the winsync agreement on deletion.
>
> On 09/09/2015 10:35 AM, Andreas Calminder wrote:
>> Hi,
>> I've asked in #freeipa on freenode but to no avail, figured I'll ask
>> here as well, since I think I've actually hit a bug or (quite)
>> possibly I've done something moronic configuration/migration -wise.
>>
>> I've got an existing FreeIPA 3.0.0 environment running with a fully
>> functioning winsync agreement and passsync service with the windows
>> environments active directory, I'm trying to migrate the 3.0.0
>> environments users into a freshly installed 4.1 (rhel7) environment,
>> after migration I setup a winsync agreement and make it
>> bi-directional (one-way sync from windows) everything seems to be
>> working alright until I delete a migrated user from the Active
>> Directory, after the winsync picks up on the change it'll break and
>> suggests a re-initialize. After the re-initialization the agreement
>> seems to be fine, however the deleted user are still present in the
>> ipa 4.1 environment and cannot be deleted. The webgui and ipa cli
>> says: ipauser1: user not found. ipa user-find ipauser1 finds the user
>> and it's visible in the ui.
>>
>> Anyone had the same problem or anything similar or any pointers on
>> where to start looking?
>>
>> Regards,
>> Andreas
>>
>
Hello, this might be a replication conflict.
Can you list that user via ldapsearch to check if this is replication
conflict?
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
More information about the Freeipa-devel
mailing list