[Freeipa-users] deleting ipa user
Ludwig Krispenz
lkrispen at redhat.com
Wed Apr 29 15:27:34 UTC 2015
On 04/29/2015 05:08 PM, Andy Thompson wrote:
>
>> -----Original Message-----
>> From: Ludwig Krispenz [mailto:lkrispen at redhat.com]
>> Sent: Wednesday, April 29, 2015 10:59 AM
>> To: Andy Thompson
>> Cc: thierry bordaz; Martin Kosek; freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] deleting ipa user
>>
>>
>> On 04/29/2015 04:49 PM, Andy Thompson wrote:
>>>> -----Original Message-----
>>>> From: Ludwig Krispenz [mailto:lkrispen at redhat.com]
>>>> Sent: Wednesday, April 29, 2015 10:51 AM
>>>> To: Andy Thompson
>>>> Cc: thierry bordaz; Martin Kosek; freeipa-users at redhat.com
>>>> Subject: Re: [Freeipa-users] deleting ipa user
>>>>
>>>> did you run the searches as directory manager ?
>>>>
>>> Yep sure did
>> that's weird, as directory manager you should be able to see the
>> nscpentrywsi attribute, could you paste your full search request ?
> This returns the object
>
> ldapsearch -LLL -o ldif-wrap=no -H ldap://mdhixnpipa02 -x -D "cn=directory manager" -W -b "dc=..." "(&(objectclass=nstombstone)(nsuniqueid=7e1a1f87-e82611e4-99f1b343-f0abc1a8))" | grep -i objectClass
>
> This returns nothing
>
> ldapsearch -LLL -o ldif-wrap=no -H ldap://mdhixnpipa02 -x -D "cn=directory manager" -W -b "dc=..." "(&(objectclass=nstombstone)(nsuniqueid=7e1a1f87-e82611e4-99f1b343-f0abc1a8))" nscpentrywsi | grep -i objectClass
and if you omit the grep ? still puzzled.
what is logged in the access log for these two searches?
>
>
>>>
>>>> On 04/29/2015 04:34 PM, Andy Thompson wrote:
>>>>>> -----Original Message-----
>>>>>> From: Ludwig Krispenz [mailto:lkrispen at redhat.com]
>>>>>> Sent: Wednesday, April 29, 2015 10:28 AM
>>>>>> To: Andy Thompson
>>>>>> Cc: thierry bordaz; Martin Kosek; freeipa-users at redhat.com
>>>>>> Subject: Re: [Freeipa-users] deleting ipa user
>>>>>>
>>>>>> can you do the followin search on both servers ?
>>>>>>
>>>>>> ldapsearch -LLL -o ldif-wrap=no -h xxx p xxx -x -D
>>>>>> "cn=directory manager" - w xxx -b "dc=xxx...."
>>>>>> "(&(objectclass=nstombstone)(nsuniqueid=7e1a1f87-e82611e4-
>>>> 99f1b343-
>>>>>> f0abc1a8))"
>>>>>> nscpentrywsi | grep -i objectClass
>>>>> The server that I initially attempted the deletion on returns nothing.
>>>>> The second server (the one currently throwing the consumer failed
>>>>> replay error) returns this if I remove the nscpentrywsi attribute
>>>>> filter. If I leave the attribute filter I don't get anything
>>>>>
>>>>> objectClass: posixgroup
>>>>> objectClass: ipaobject
>>>>> objectClass: mepManagedEntry
>>>>> objectClass: top
>>>>> objectClass: nsTombstone
>>>>>
>>>>> -andy
More information about the Freeipa-users
mailing list