[Freeipa-users] ipa user-del not deleting the ldap entry

Chase Khoury ckhoury at vt.edu
Wed Jun 25 15:19:23 UTC 2014


rpm -qa|grep ipa
ipa-server-3.0.0-37.el6.x86_64

rpm -qa|grep 389
389-ds-base-1.2.11.15-29.el6.x86_64
389-ds-base-libs.1.2.11.15-29.el6.x86_64

=======================================
/var/log/dirsrv/slapd-DOMAIN/errors
=======================================
[23/Jun/214:11:34:27-0400] referint-plugin - _update_all_per_mod:
entry cn=667a2b330ee4c889c6dadcd66c086dc,ou=tenants,cn=openstack+nsuniqueid=6ff1b881-d48811e3-89c8890f-56b4c812,dc=example,dc=com:
deleting "member: uid=foo,cn=users,cn=accounts,dc=example,dc=com"
failed (16)
[23/Jun/2014:11:34:27-0400]referint-plugin - _update_all_per_mod:
entry cn=enabled_users,cn=openstack+nsuniqueid=6ff1b881-d48811e3-89c8890f-56b4c812,dc=example,dc=com:
deleting "member: uid=foo,cn=users,cn=accounts,dc=example,dc=com"
failed (16)
[23/Jun/2014:11:34:27-0400] referint-plugin - _update_all_per_mod:
entry cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com: deleting
"member:uid=foo,cn=users,cn=accounts,dc=example,dc=com" failed (16)
[23/Jun/2014:11:34:43-0400] ipalockout_preop - [file ipa_lockout.c,
line 722]: Failed to retrieve entry
"uid=rhospadmin,cn=users,cn=accounts,dc=example,dc=com": 32
[23/Jun/2014:11:34:43-0400]ipalockout_postop - [file ipa_lockout.c,
line 473]: Failed to retrieve entry
"uid=rhospadmin,cn=users,cn=accounts,dc=example,dc=com": 32
[23/Jun/2014:11:35:39-0400] referint-plugin - _update_all_per_mod:
entry cn=enabled_tenants,cn=openstack+nsuniqueid=6ff1b881-d48811e3-89c8890f-56b4c812,dc=example,dc=com:
deleting "member: uid=tenants,cn=users,cn=accounts,dc=example,dc=com"
failed (16)
[23/Jun/2014:11:35:39-0400] referint-plugin - _update_all_per_mod:
entry cn=enabled_tenants,cn=openstack+nsuniqueid=6ff1b881-d48811e3-89c8890f-56b4c812,dc=example,dc=com:
deleting "member:
uid=openstack,cn=users,cn=accounts,dc=example,dc=com" failed (16)
[23/Jun/2014:11:35:41-0400] ldbm_back_modify -Attempt to modify a
tombstone entry
nsuiqueid=d2138508-faeb11e3-89c8890f-56b4c812,cn=Manage
OpenStack,cn=privileges,cn=pbac,dc=example,dc=com
=======================================



On 6/24/14, Rich Megginson <rmeggins at redhat.com> wrote:
> On 06/24/2014 09:46 AM, Chase Khoury wrote:
>> Hello,
>>   I am having issues with deleting an ipa user. When I do an 'ipa
>> user-del foo' there still remain remnants of the user that are
>> causing issues.
>> I have a freeIPA server setup with 3 replica servers set up.
>> When I did an ipa user-del foo it did not fully delete the user.
>> If I do an ipa user-add foo after the delete I get an "ipa ERROR: user
>> with the name "foo" already exists"
>> If I do an ipa user-show foo I get "ipa ERROR: foo: user not found"
>> If I do an ipa user-find foo it returns an entry.
>> --------------
>> 1 user matched
>> --------------
>>    User login: foo
>>    First name: foo
>>    Last name: bar
>>    Home directory: /home/foo
>>    login shell: /bin/bash
>>    Email address: foo at bar.com
>>    UID: 5021
>>    GID: 5021
>>    Account disabled: False
>>    Password: True
>>    Kerberos keys available: True
>> ----------------------------
>> Number of entries returned 1
>> ----------------------------
>>
>> If I do an ldapsearch for the user it still has a user entry.
>> When trying to do an ldapdelete I get the error "Server is unwilling
>> to perform (53)"
>>
>> Does anyone know why this happened or how to clean up the server so I
>> can get it into a state when I can successfully do an ipa-user-add foo?
> What version of ipa are you using?  What version of 389?
> rpm -qa|grep ipa
> rpm -qa|grep 389
>
> Can you provide excerpts from your 389 errors log
> /var/log/dirsrv/slapd-DOMAIN/errors from around the time of the problems
> mentioned above?
>
>
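
An added example, not part of the original thread or of FreeIPA/389-ds: a small triage script for an errors-log excerpt like the one above. It rejoins records that the mail client hard-wrapped, then groups referint-plugin member-cleanup failures and ipalockout lookup failures by DN with the LDAP result code decoded. The sample lines are constructed in the style of the excerpt, and the function names are this example's own.

```python
import re
from collections import defaultdict

# LDAP result codes (RFC 4511) that appear in this thread.
LDAP_RESULT = {16: "noSuchAttribute", 32: "noSuchObject", 53: "unwillingToPerform"}

# Constructed sample in the style of the excerpt, including the mail hard-wrapping.
SAMPLE = """\
[23/Jun/2014:11:34:27-0400] referint-plugin - _update_all_per_mod:
entry cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com: deleting
"member:uid=foo,cn=users,cn=accounts,dc=example,dc=com" failed (16)
[23/Jun/2014:11:34:43-0400]ipalockout_postop - [file ipa_lockout.c,
line 473]: Failed to retrieve entry
"uid=rhospadmin,cn=users,cn=accounts,dc=example,dc=com": 32
[23/Jun/2014:11:35:39-0400] referint-plugin - _update_all_per_mod:
entry cn=enabled_tenants,cn=openstack,dc=example,dc=com:
deleting "member: uid=tenants,cn=users,cn=accounts,dc=example,dc=com"
failed (16)
"""

TS = re.compile(r"^\[\d{1,2}/[A-Za-z]{3}/\d+:\d{2}:\d{2}:\d{2}")
REFINT = re.compile(r'referint-plugin - _update_all_per_mod: entry (?P<group>.+?): '
                    r'deleting "member:\s*(?P<member>[^"]+)" failed \((?P<rc>\d+)\)')
LOCKOUT = re.compile(r'ipalockout_\w+ - .*?Failed to retrieve entry '
                     r'"(?P<dn>[^"]+)": (?P<rc>\d+)')

def unwrap(text):
    """Rejoin wrapped records: a new record starts only at a timestamp."""
    records = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(text):
    """Return (member DN -> [(group DN, result)], entry DN -> result)."""
    stale, missing = defaultdict(list), {}
    for rec in unwrap(text):
        if m := REFINT.search(rec):
            name = LDAP_RESULT.get(int(m["rc"]), m["rc"])
            stale[m["member"].strip()].append((m["group"], name))
        elif m := LOCKOUT.search(rec):
            missing[m["dn"]] = LDAP_RESULT.get(int(m["rc"]), m["rc"])
    return dict(stale), missing

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run against the full errors log from each replica, the per-DN grouping shows which groups still failed member cleanup for a deleted user and which entries the lockout plugin could no longer find.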



