[Freeipa-users] ipa user-find finds user but ipa user-del fails

Rob Crittenden rcritten at redhat.com
Wed Sep 3 19:26:22 UTC 2014 

Ron wrote:
> And here is the result of the user-show command:
> [root at ipa slapd-pxxx-abc-CA]# ipa user-show --all --raw phys210e
> ipa: ERROR: phys210e: user not found

Sorry, thinko on my part. Do ipa user-find --all --raw --login phys210e

user-show is going to have the same issue as user-delete.

rob

> 
> 
> 
> On 09/03/2014 10:43 AM, Rob Crittenden wrote:
>> Martin Kosek wrote:
>>> Can you check /var/log/dirsrv/slapd-YOUR-REALM/access, search for the DEL
>>> operation and see what was the error code that DS gave when it refused to
>>> delete the user?
>> Were I to guess the issue is that this is a replication conflict entry.
>> If you do:
>>
>> # ipa user-show --all --raw phys210e |grep dn:
>>
>> It will likely begin with nsuniqueid=<hex>, ...
>>
>> The reason it can be found and not deleted is we create the dn to be
>> removed, we don't search for it. So the user uid=phys210e,cn=users,...
>> etc doesn't exist but the user nsuniqueid=<hex> ... does.
>>
>> You'll need to use ldapmodify or ldapdelete to remove the entry though
>> I'd check your other masters to see what the state of the user is there.
>>
>> rob
>>
>>> Martin
>>>
>>> On 09/03/2014 06:18 PM, Ron wrote:
>>>> user-find sees a user but user-del cannot remove it.  What can I do?
>>>> Thanks.
>>>> Regards,
>>>> Ron
>>>>
>>>> [root at ipa]# ipa user-find --login phys210e
>>>> --------------
>>>> 1 user matched
>>>> --------------
>>>>   User login: phys210e
>>>>   First name: Testing
>>>>   Last name: Phys210
>>>>   Home directory: /home2/phys210e
>>>>   Login shell: /bin/bash
>>>>   Email address: phys210e at pxxx.abc.ca
>>>>   UID: 15010
>>>>   GID: 15010
>>>>   Account disabled: False
>>>>   Password: True
>>>>   Kerberos keys available: False
>>>> ----------------------------
>>>> Number of entries returned 1
>>>> ----------------------------
>>>> [root at ipa]# ipa user-del phys210e --continue
>>>> ---------------
>>>> Deleted user ""
>>>> ---------------
>>>>   Failed to remove: phys210e
>>>>
>>>>
>>>> [root at ipa]# cat /etc/redhat-release
>>>> Red Hat Enterprise Linux Server release 6.5 (Santiago)
>>>>
>>>> [root at ipa]# rpm -qa|grep ipa; rpm -qa|grep 389
>>>> ipa-pki-ca-theme-9.0.3-7.el6.noarch
>>>> ipa-admintools-3.0.0-37.el6.i686
>>>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>>>> libipa_hbac-1.9.2-129.el6_5.4.i686
>>>> ipa-server-selinux-3.0.0-37.el6.i686
>>>> python-iniparse-0.3.1-2.1.el6.noarch
>>>> libipa_hbac-python-1.9.2-129.el6_5.4.i686
>>>> ipa-server-3.0.0-37.el6.i686
>>>> ipa-python-3.0.0-37.el6.i686
>>>> ipa-client-3.0.0-37.el6.i686
>>>> 389-ds-base-libs-1.2.11.15-33.el6_5.i686
>>>> 389-ds-base-1.2.11.15-33.el6_5.i686
> 
> 
> -- 
> Ron Parachoniak
> Systems Manager, Department of Physics & Astronomy
> University of British Columbia, Vancouver, B.C.  V6T 1Z1
> Phone: (604) 838-6437
>

More information about the Freeipa-users mailing list