[Freeipa-users] Del private group fail even using command
Ludwig Krispenz
lkrispen at redhat.com
Fri Aug 1 14:39:07 UTC 2014
On 08/01/2014 11:56 AM, Tomas Babej wrote:
>
> On 08/01/2014 11:42 AM, barrykfl at gmail.com wrote:
>> Hi:
>>
>> I follow command found from here and want to del priate group but
>> fail any idea?
>> It said line 5 attribute error , any synta xwrong?
>>
>> ldapsearch -LLL -Y GSSAPI cn=barry
>>
>> ldapmodify -Y GSSAPI <<EOF
>> dn: cn=barry,cn=groups,cn=accounts,dc=abc,dc=com
>> changetype: modify
>> delete: objectclass
>> objectclass: mepManagedEntry
>> delete: mepManagedBy
>> dn: cn=barry,cn=groups,cn=accounts,dc=abcdc=com
>> changetype: delete
>> EOF
>>
>>
>>
>
> You need to first delete the mepManagedBy attribute, since it is
> allowed by the mepManagedEntry objectclass, and then removing the
> objectclass itself.
you should be able to do this in one modify operation, if the attribute
is a required attribute you even have to do it in one mod. Schema
checking is done after all the mods of an operations are applied. In the
original mod I think the separator of sub operations is missing, it
should be:
dn: cn=barry,cn=groups,cn=accounts,dc=abc,dc=com
changetype: modify
delete: objectclass
objectclass: mepManagedEntry
-
delete: mepManagedBy
>
> Performing the operations in reverse order leaves you with
> mepManagedBy in the entry, which is not allowed by any objectclass.
>
> #!RESULT OK
> #!DATE 2014-08-01T09:53:38.820
> dn:
> cn=random,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
> changetype: modify
> delete: mepManagedBy
> -
>
> #!RESULT OK
> #!DATE 2014-08-01T09:53:45.511
> dn:
> cn=random,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
> changetype: modify
> delete: objectClass
> objectClass: mepManagedEntry
> -
>
>
> --
> Tomas Babej
> Associate Software Engineer | Red Hat | Identity Management
> RHCE | Brno Site | IRC: tbabej | freeipa.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140801/d7ccb72d/attachment.htm>
More information about the Freeipa-users
mailing list