[Freeipa-users] deleting ipa user

Ludwig Krispenz lkrispen at redhat.com
Wed Apr 29 13:22:00 UTC 2015 

On 04/29/2015 03:14 PM, thierry bordaz wrote:
> On 04/29/2015 02:43 PM, Andy Thompson wrote:
>>> -----Original Message-----
>>> From: Martin Kosek [mailto:mkosek at redhat.com]
>>> Sent: Wednesday, April 29, 2015 8:31 AM
>>> To: Andy Thompson;freeipa-users at redhat.com; Ludwig Krispenz; Thierry
>>> Bordaz
>>> Subject: Re: [Freeipa-users] deleting ipa user
>>>
>>> On 04/29/2015 01:26 PM, Andy Thompson wrote:
>>>> I'm trying to delete an IPA account and I get a generic "operations error"
>>> when trying to remove it.  It looks like something is messed up with the
>>> group object.  The user doesn't show up in the ipausers group and there also
>>> isn't a group object for the user in question.  Here is the error from the
>>> attempt.
>>>> [29/Apr/2015:07:21:32 -0400] referint-plugin - _update_all_per_mod:
>>>> entry cn=ipausers,cn=groups,cn=accounts,dc=domain,dc=com: deleting
>>>> "member: uid=<username>,cn=users,cn=accounts,dc=domain,dc=com"
>>> failed
>>>> (16)
>>>> [29/Apr/2015:07:21:32 -0400] referint-plugin - _update_all_per_mod:
>>>> entry
>>>> ipaUniqueID=3897c894-e764-11e4-b05b-
>>> 005056a92af3,cn=hbac,dc=domain,dc=
>>>> com: deleting "memberUser:
>>>> uid=<username>,cn=users,cn=accounts,dc=domain,dc=com" failed (16)
>>>> [29/Apr/2015:07:21:32 -0400] ldbm_back_delete - conn=0 op=0 Turning a
>>>> tombstone into a tombstone!
>>>> "nsuniqueid=7e1a1f87-e82611e4-99f1b343-
>>> f0abc1a8,cn=<username>,cn=group
>>>> s,cn=accounts,dc=domain,dc=com"; e: 0x7fcc84226070, cache_state: 0x0,
>>>> refcnt: 1
>>>> [29/Apr/2015:07:21:32 -0400] managed-entries-plugin - mep_del_post_op:
>>>> failed to delete managed entry
>>>> (cn=<username>,cn=groups,cn=accounts,dc=domain,dc=com) - error (1)
>>>> [29/Apr/2015:07:21:32 -0400] ldbm_back_delete - conn=0 op=0 Turning a
>>>> tombstone into a tombstone!
>>>> "nsuniqueid=7e1a1f87-e82611e4-99f1b343-
>>> f0abc1a8,cn=<username>,cn=group
>>>> s,cn=accounts,dc=domain,dc=com"; e: 0x7fcc84226070, cache_state: 0x0,
>>>> refcnt: 1
>>>> [29/Apr/2015:07:21:32 -0400] managed-entries-plugin - mep_del_post_op:
>>>> failed to delete managed entry
>>>> (cn=<username>,cn=groups,cn=accounts,dc=domain,dc=com) - error (1)
>>> This is the first time I see this error. CCing Ludwig or Thierry to advise.
>>>
>>> Andy, please also include FreeIPA and 389-ds-base packages versions so that
>>> Thierry and Ludwig know what to look at.
>>>
>> Here you go
>>
>> ipa-server-4.1.0-18.el7_1.3.x86_64
>> 389-ds-base-1.3.3.1-15.el7_1.x86_64
>>
>> Thanks much
>>
>> -andy
>>
>>
> Hello,
>
> I wonder it is not a similar issue I hit 
> https://fedorahosted.org/389/ticket/48165. What differs is 
> '_update_all_per_mod' logs but could be a consequence of the same bug.
I think what differs taht in the ticket there is an attempt to delete an 
existng entry, but in the log snippet provided it attempts to delete a 
tombstone entry (an entry which was already deleted).
So the errors logged by DS seem to be ok, but why does IPA want to 
delete an already deleted user ? but mybe only the mep plugin finds a 
tombstone and tries to delete it.

What was the command executed, is the result the same if repeated ?
> ? I have a non systematic test case for 48165.
> Is it happening systematically in your case ?
>
> thanks
> thierry

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150429/79c65a7b/attachment.htm>

More information about the Freeipa-users mailing list