[Freeipa-devel] IPA 3.0 migrated to 4.1 users break winsync agreement when deleted in active directory
Rich Megginson
rmeggins at redhat.com
Wed Sep 9 14:29:23 UTC 2015
On 09/09/2015 03:39 AM, Martin Basti wrote:
>
>
> On 09/09/2015 10:50 AM, Andreas Calminder wrote:
>> Forgot to write that deleting users in active directory not migrated
>> with the migrate-ds command works fine, it's only migrated users
>> present in the ad that breaks the winsync agreement on deletion.
>>
>> On 09/09/2015 10:35 AM, Andreas Calminder wrote:
>>> Hi,
>>> I've asked in #freeipa on freenode but to no avail, figured I'll ask
>>> here as well, since I think I've actually hit a bug or (quite)
>>> possibly I've done something moronic configuration/migration -wise.
>>>
>>> I've got an existing FreeIPA 3.0.0 environment running with a fully
>>> functioning winsync agreement and passsync service with the windows
>>> environments active directory, I'm trying to migrate the 3.0.0
>>> environments users into a freshly installed 4.1 (rhel7) environment,
>>> after migration I setup a winsync agreement and make it
>>> bi-directional (one-way sync from windows) everything seems to be
>>> working alright until I delete a migrated user from the Active
>>> Directory, after the winsync picks up on the change it'll break and
>>> suggests a re-initialize. After the re-initialization the agreement
>>> seems to be fine, however the deleted user are still present in the
>>> ipa 4.1 environment and cannot be deleted. The webgui and ipa cli
>>> says: ipauser1: user not found. ipa user-find ipauser1 finds the
>>> user and it's visible in the ui.
>>>
>>> Anyone had the same problem or anything similar or any pointers on
>>> where to start looking?
>>>
>>> Regards,
>>> Andreas
>>>
>>
>
> Hello, this might be a replication conflict.
>
> Can you list that user via ldapsearch to check if this is replication
> conflict?
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>
>
Use the latest docs, just in case they are more accurate:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150909/38e5fe87/attachment.htm>
More information about the Freeipa-devel
mailing list