[Freeipa-users] ipa user-del not deleting the ldap entry

[Rich Megginson]

On 06/24/2014 09:46 AM, Chase Khoury wrote:
> Hello,
>   I am having issues with deleting an ipa user. When I do an 'ipa
> user-del foo' there still remains reminisces of the user that are
> causing issues.
> I have a freeIPA server setup with 3 replica servers set up.
> When I did an ipa user-del foo it did not fully delete the user.
> if I do an ipa user-add foo after the delete I get an "ipa ERROR: user
> with the name "foo" already exists"
> If I do a ipa user-show foo I get "ipa ERROR: foo: user not found"
> if I do an ipa user-find foo it returns an entry.
> --------------
> 1 user matched
> --------------
>    User login: foo
>    First name: foo
>    Last name: bar
>    Home directory: /home/foo
>    login shell: /bin/bash
>    Email address: foo at bar.com
>    UID: 5021
>    GID: 5021
>    Account disabled: False
>    Password: True
>    Kerberos keys available: True
> ----------------------------
> Number of entries returned 1
> ----------------------------
>
> If I do an ldapsearch for the user it still has a user entry.
> When trying to do an ldapdelete I get the error "Server is unwilling
> to perform (53)"
>
> Does anyone know why this happened or how to clean up the server so I
> can get it into a state when I can successful do an ipa-user-add foo?
What version of ipa are you using?  What version of 389?
rpm -qa|grep ipa
rpm -qa|grep 389

Can you provide excerpts from your 389 errors log 
/var/log/dirsrv/slapd-DOMAIN/errors from around the time of the problems 
mentioned above?