[Freeipa-users] deleting ipa user

Andy Thompson Andy.Thompson at e-tcc.com
Wed Apr 29 15:35:18 UTC 2015


> -----Original Message-----
> From: Ludwig Krispenz [mailto:lkrispen at redhat.com]
> Sent: Wednesday, April 29, 2015 11:28 AM
> To: Andy Thompson
> Cc: thierry bordaz; Martin Kosek; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] deleting ipa user
> 
> 
> On 04/29/2015 05:08 PM, Andy Thompson wrote:
> >
> >> -----Original Message-----
> >> From: Ludwig Krispenz [mailto:lkrispen at redhat.com]
> >> Sent: Wednesday, April 29, 2015 10:59 AM
> >> To: Andy Thompson
> >> Cc: thierry bordaz; Martin Kosek; freeipa-users at redhat.com
> >> Subject: Re: [Freeipa-users] deleting ipa user
> >>
> >>
> >> On 04/29/2015 04:49 PM, Andy Thompson wrote:
> >>>> -----Original Message-----
> >>>> From: Ludwig Krispenz [mailto:lkrispen at redhat.com]
> >>>> Sent: Wednesday, April 29, 2015 10:51 AM
> >>>> To: Andy Thompson
> >>>> Cc: thierry bordaz; Martin Kosek; freeipa-users at redhat.com
> >>>> Subject: Re: [Freeipa-users] deleting ipa user
> >>>>
> >>>> did you run the searches as directory manager ?
> >>>>
> >>> Yep sure did
> >> that's weird, as directory manager you should be able to see the
> >> nscpentrywsi attribute, could you paste your full search request ?
> > This returns the object
> >
> > ldapsearch -LLL -o ldif-wrap=no -H ldap://mdhixnpipa02 -x -D "cn=directory manager" -W -b "dc=..." "(&(objectclass=nstombstone)(nsuniqueid=7e1a1f87-e82611e4-99f1b343-f0abc1a8))" | grep -i objectClass
> >
> > This returns nothing
> >
> > ldapsearch -LLL -o ldif-wrap=no -H ldap://mdhixnpipa02 -x -D "cn=directory manager" -W -b "dc=..." "(&(objectclass=nstombstone)(nsuniqueid=7e1a1f87-e82611e4-99f1b343-f0abc1a8))" nscpentrywsi | grep -i objectClass
> and if you omit the grep ? still puzzled.

Ah if I omit the grep on the second server I get

dn: nsuniqueid=7e1a1f87-e82611e4-99f1b343-f0abc1a8,cn=username,cn=groups,cn=accounts,dc=mhbenp,dc=lin
nscpentrywsi: dn: nsuniqueid=7e1a1f87-e82611e4-99f1b343-f0abc1a8,cn=username,cn=groups,cn=accounts,dc=mhbenp,dc=lin
nscpentrywsi: objectClass;vucsn-55364a42000500040000: posixgroup
nscpentrywsi: objectClass;vucsn-55364a42000500040000: ipaobject
nscpentrywsi: objectClass;vucsn-55364a42000500040000: mepManagedEntry
nscpentrywsi: objectClass;vucsn-55364a42000500040000: top
nscpentrywsi: objectClass;vucsn-5540deb8000300030000: nsTombstone
nscpentrywsi: cn;vucsn-55364a42000500040000;mdcsn-55364a42000500040000: gfeigh
nscpentrywsi: gidNumber;vucsn-55364a42000500040000: 1249000003
nscpentrywsi: description;vucsn-55364a42000500040000: User private group for username
nscpentrywsi: mepManagedBy;vucsn-55364a42000500040000: uid= username,cn=users,cn=accounts,dc=mhbenp,dc=lin
nscpentrywsi: creatorsName;vucsn-55364a42000500040000: cn=Managed Entries,cn=plugins,cn=config
nscpentrywsi: modifiersName;vucsn-55364a42000500040000: cn=Managed Entries,cn=plugins,cn=config
nscpentrywsi: createTimestamp;vucsn-55364a42000500040000: 20150421130152Z
nscpentrywsi: modifyTimestamp;vucsn-55364a42000500040000: 20150421130152Z
nscpentrywsi: nsUniqueId: 7e1a1f87-e82611e4-99f1b343-f0abc1a8
nscpentrywsi: ipaUniqueID;vucsn-55364a42000500040000: 94dc1638-e826-11e4-878a-005056a92af3
nscpentrywsi: parentid: 4
nscpentrywsi: entryid: 385
nscpentrywsi: nsParentUniqueId: 3763f193-e76411e4-99f1b343-f0abc1a8
nscpentrywsi: nstombstonecsn: 5540deb8000300030000
nscpentrywsi: nscpEntryDN: cn=username,cn=groups,cn=accounts,dc=mhbenp,dc=lin
nscpentrywsi: entryusn: 52327

thought I tried that before, apparently not.

> what is logged in the access log for these two searches?
> >
> >
> >>>
> >>>> On 04/29/2015 04:34 PM, Andy Thompson wrote:
> >>>>>> -----Original Message-----
> >>>>>> From: Ludwig Krispenz [mailto:lkrispen at redhat.com]
> >>>>>> Sent: Wednesday, April 29, 2015 10:28 AM
> >>>>>> To: Andy Thompson
> >>>>>> Cc: thierry bordaz; Martin Kosek; freeipa-users at redhat.com
> >>>>>> Subject: Re: [Freeipa-users] deleting ipa user
> >>>>>>
> >>>>>> can you do the following search on both servers ?
> >>>>>>
> >>>>>>      ldapsearch -LLL -o ldif-wrap=no -h xxx -p xxx -x -D "cn=directory manager" -w xxx -b "dc=xxx...." "(&(objectclass=nstombstone)(nsuniqueid=7e1a1f87-e82611e4-99f1b343-f0abc1a8))" nscpentrywsi | grep -i objectClass
> >>>>> The server that I initially attempted the deletion on returns nothing.
> >>>>> The second server (the one currently throwing the consumer failed
> >>>>> replay error)  returns this if I remove the nscpentrywsi attribute
> >>>>> filter.  If I leave the attribute filter I don't get anything
> >>>>>
> >>>>> objectClass: posixgroup
> >>>>> objectClass: ipaobject
> >>>>> objectClass: mepManagedEntry
> >>>>> objectClass: top
> >>>>> objectClass: nsTombstone
> >>>>>
> >>>>> -andy
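
Added example, not part of the original message and not FreeIPA or 389 Directory Server code: a small parser for the nscpentrywsi output shown above that decodes each CSN into its timestamp and originating replica id, which shows when the entry became a tombstone and on which replica. It assumes the 389 Directory Server CSN layout of 8 hex digits of Unix time, then 4 each for sequence number, replica id and subsequence; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample: a few lines copied from the nscpentrywsi output in the message above.
SAMPLE = """\
nscpentrywsi: objectClass;vucsn-55364a42000500040000: posixgroup
nscpentrywsi: objectClass;vucsn-5540deb8000300030000: nsTombstone
nscpentrywsi: cn;vucsn-55364a42000500040000;mdcsn-55364a42000500040000: gfeigh
nscpentrywsi: nsUniqueId: 7e1a1f87-e82611e4-99f1b343-f0abc1a8
nscpentrywsi: nstombstonecsn: 5540deb8000300030000
"""

CSN_RE = re.compile(r"^[0-9a-fA-F]{20}$")

def decode_csn(csn):
    """Split a 20-hex-digit CSN into time (UTC), sequence number, replica id, subsequence."""
    if not CSN_RE.match(csn):
        raise ValueError(f"not a CSN: {csn!r}")
    ts, seq, rid, sub = (int(csn[a:b], 16) for a, b in ((0, 8), (8, 12), (12, 16), (16, 20)))
    return {"time": datetime.fromtimestamp(ts, tz=timezone.utc), "seq": seq, "rid": rid, "subseq": sub}

def parse_wsi(text):
    """Return (attribute, value, {state-tag: decoded CSN}) for each nscpentrywsi line."""
    rows = []
    for line in text.splitlines():
        if not line.lower().startswith("nscpentrywsi: "):
            continue  # skip the plain dn: line and anything else
        desc, _, value = line[len("nscpentrywsi: "):].partition(": ")
        attr, *opts = desc.split(";")
        csns = {}
        for opt in opts:  # options look like vucsn-<csn>, mdcsn-<csn>
            tag, _, csn = opt.partition("-")
            if CSN_RE.match(csn):
                csns[tag] = decode_csn(csn)
        rows.append((attr, value, csns))
    return rows

def tombstone_origin(text):
    """Decode nstombstonecsn: when the delete happened and which replica id originated it."""
    for attr, value, _ in parse_wsi(text):
        if attr.lower() == "nstombstonecsn":
            return decode_csn(value)
    return None

if __name__ == "__main__":
    for attr, value, csns in parse_wsi(SAMPLE):
        print(attr, value, {t: (c["time"].isoformat(), c["rid"]) for t, c in csns.items()})
    print("tombstoned:", tombstone_origin(SAMPLE))
```

Run against the same search on each replica, the decoded replica ids and times can be compared to see which server originated the delete.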




