[Freeipa-users] ipa user-find finds user but ipa user-del fails
Ron
rap at phas.ubc.ca
Wed Sep 3 20:44:32 UTC 2014
By the way, all three replica servers show the same:
[root at ipa]# ipa user-find --all --raw --login phys210e | grep dn:
dn:
nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=xxxx,dc=abc,dc=ca
[root at ipa01]# ipa user-find --all --raw --login phys210e | grep dn:
dn:
nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=xxxx,dc=abc,dc=ca
[root at ipa02]# ipa user-find --all --raw --login phys210e | grep dn:
dn:
nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=xxxx,dc=abc,dc=ca
On 09/03/2014 12:26 PM, Rob Crittenden wrote:
> Ron wrote:
>> And here is the result of the user-show command:
>> [root at ipa slapd-pxxx-abc-CA]# ipa user-show --all --raw phys210e
>> ipa: ERROR: phys210e: user not found
> Sorry, thinko on my part. Do ipa user-find --all --raw --login phys210e
>
> user-show is going to have the same issue as user-delete.
>
> rob
>
>>
>>
>> On 09/03/2014 10:43 AM, Rob Crittenden wrote:
>>> Martin Kosek wrote:
>>>> Can you check /var/log/dirsrv/slapd-YOUR-REALM/access, search for the DEL
>>>> operation and see what was the error code that DS gave when it refused to
>>>> delete the user?
>>> Were I to guess the issue is that this is a replication conflict entry.
>>> If you do:
>>>
>>> # ipa user-show --all --raw phys210e |grep dn:
>>>
>>> It will likely begin with nsuniqueid=<hex>, ...
>>>
>>> The reason it can be found and not deleted is we create the dn to be
>>> removed, we don't search for it. So the user uid=phys210e,cn=users,...
>>> etc doesn't exist but the user nsuniqueid=<hex> ... does.
>>>
>>> You'll need to use ldapmodify or ldapdelete to remove the entry though
>>> I'd check your other masters to see what the state of the user is there.
>>>
>>> rob
>>>
>>>> Martin
>>>>
>>>> On 09/03/2014 06:18 PM, Ron wrote:
>>>>> user-find sees a user but user-del cannot remove it. What can I do?
>>>>> Thanks.
>>>>> Regards,
>>>>> Ron
>>>>>
>>>>> [root at ipa]# ipa user-find --login phys210e
>>>>> --------------
>>>>> 1 user matched
>>>>> --------------
>>>>> User login: phys210e
>>>>> First name: Testing
>>>>> Last name: Phys210
>>>>> Home directory: /home2/phys210e
>>>>> Login shell: /bin/bash
>>>>> Email address: phys210e at pxxx.abc.ca
>>>>> UID: 15010
>>>>> GID: 15010
>>>>> Account disabled: False
>>>>> Password: True
>>>>> Kerberos keys available: False
>>>>> ----------------------------
>>>>> Number of entries returned 1
>>>>> ----------------------------
>>>>> [root at ipa]# ipa user-del phys210e --continue
>>>>> ---------------
>>>>> Deleted user ""
>>>>> ---------------
>>>>> Failed to remove: phys210e
>>>>>
>>>>>
>>>>> [root at ipa]# cat /etc/redhat-release
>>>>> Red Hat Enterprise Linux Server release 6.5 (Santiago)
>>>>>
>>>>> [root at ipa]# rpm -qa|grep ipa; rpm -qa|grep 389
>>>>> ipa-pki-ca-theme-9.0.3-7.el6.noarch
>>>>> ipa-admintools-3.0.0-37.el6.i686
>>>>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>>>>> libipa_hbac-1.9.2-129.el6_5.4.i686
>>>>> ipa-server-selinux-3.0.0-37.el6.i686
>>>>> python-iniparse-0.3.1-2.1.el6.noarch
>>>>> libipa_hbac-python-1.9.2-129.el6_5.4.i686
>>>>> ipa-server-3.0.0-37.el6.i686
>>>>> ipa-python-3.0.0-37.el6.i686
>>>>> ipa-client-3.0.0-37.el6.i686
>>>>> 389-ds-base-libs-1.2.11.15-33.el6_5.i686
>>>>> 389-ds-base-1.2.11.15-33.el6_5.i686
>>
>> --
>> Ron Parachoniak
>> Systems Manager, Department of Physics & Astronomy
>> University of British Columbia, Vancouver, B.C. V6T 1Z1
>> Phone: (604) 838-6437
>>
--
Ron Parachoniak
Systems Manager, Department of Physics & Astronomy
University of British Columbia, Vancouver, B.C. V6T 1Z1
Phone: (604) 838-6437
More information about the Freeipa-users
mailing list