[Freeipa-users] deleting ipa user

Andy Thompson Andy.Thompson at e-tcc.com
Wed Apr 29 15:08:58 UTC 2015 


> -----Original Message-----
> From: Ludwig Krispenz [mailto:lkrispen at redhat.com]
> Sent: Wednesday, April 29, 2015 10:59 AM
> To: Andy Thompson
> Cc: thierry bordaz; Martin Kosek; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] deleting ipa user
> 
> 
> On 04/29/2015 04:49 PM, Andy Thompson wrote:
> >> -----Original Message-----
> >> From: Ludwig Krispenz [mailto:lkrispen at redhat.com]
> >> Sent: Wednesday, April 29, 2015 10:51 AM
> >> To: Andy Thompson
> >> Cc: thierry bordaz; Martin Kosek; freeipa-users at redhat.com
> >> Subject: Re: [Freeipa-users] deleting ipa user
> >>
> >> did you run the searches as directory manager ?
> >>
> > Yep sure did
> that's weird, as directory manager you should be able to see the
> nscpentrywsi attribute, could you paste your full search request ?
> >

This returns the object

ldapsearch -LLL -o ldif-wrap=no -H ldap://mdhixnpipa02 -x -D "cn=directory manager" -W  -b "dc=..." "(&(objectclass=nstombstone)(nsuniqueid=7e1a1f87-e82611e4-99f1b343-f0abc1a8))"  | grep -i objectClass

This returns nothing

ldapsearch -LLL -o ldif-wrap=no -H ldap://mdhixnpipa02 -x -D "cn=directory manager" -W  -b "dc=..." "(&(objectclass=nstombstone)(nsuniqueid=7e1a1f87-e82611e4-99f1b343-f0abc1a8))"  nscpentrywsi | grep -i objectClass


> >
> >
> >> On 04/29/2015 04:34 PM, Andy Thompson wrote:
> >>>> -----Original Message-----
> >>>> From: Ludwig Krispenz [mailto:lkrispen at redhat.com]
> >>>> Sent: Wednesday, April 29, 2015 10:28 AM
> >>>> To: Andy Thompson
> >>>> Cc: thierry bordaz; Martin Kosek; freeipa-users at redhat.com
> >>>> Subject: Re: [Freeipa-users] deleting ipa user
> >>>>
> >>>> can you do the followin search on both servers ?
> >>>>
> >>>>     ldapsearch -LLL -o ldif-wrap=no -h xxx p xxx  -x -D
> >>>> "cn=directory manager" - w xxx  -b "dc=xxx.... "
> >>>> "(&(objectclass=nstombstone)(nsuniqueid=7e1a1f87-e82611e4-
> >> 99f1b343-
> >>>> f0abc1a8))"
> >>>> nscpentrywsi | grep -i objectClass
> >>> The server that I initially attempted the deletion on returns nothing.
> >>> The second server (the one currently throwing the consumer failed
> >>> replay error)  returns this if I remove the nscpentrywsi attribute
> >>> filter.  If I leave the attribute filter I don't get anything
> >>>
> >>> objectClass: posixgroup
> >>> objectClass: ipaobject
> >>> objectClass: mepManagedEntry
> >>> objectClass: top
> >>> objectClass: nsTombstone
> >>>
> >>> -andy

More information about the Freeipa-users mailing list