[Freeipa-users] User removed from IPA but still present in LDAP, so cannot add him again in IPA web UI

Fujisan fujisan43 at gmail.com
Thu Oct 1 15:34:26 UTC 2015


I get this:

-----------------------------
$ ldapsearch -D cn=directory\ manager -W -b cn=accounts,dc=mydomain '(uid=user1*)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=accounts,dc=mydomain> with scope subtree
# filter: (uid=user1*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
-----------------------------




On Thu, Oct 1, 2015 at 4:33 PM, Alexander Bokovoy <abokovoy at redhat.com>
wrote:

> On Thu, 01 Oct 2015, Fujisan wrote:
>
>> Hello,
>>
>> I want to add user 'user1' with the freeipa web UI. It is not present in
>> the list of users in the web UI but when I click "add", it says 'user with
>> name "user1" already exists'.
>>
>> ldapsearch shows 'user1' is there:
>> ---------------------------------------------------------------
>> $ ldapsearch -x -h ipasrv uid=user1
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=mydomain> (default) with scope subtree
>> # filter: uid=user1
>> # requesting: ALL
>> #
>>
>> # user1, users, compat, mydomain
>> dn: uid=user1,cn=users,cn=compat,dc=mydomain
>> objectClass: posixAccount
>> objectClass: top
>> cn: user one
>> gidNumber: 1029
>> gecos: user one
>> uidNumber: 1029
>> loginShell: /bin/bash
>> homeDirectory: /home/user1
>> uid: user1
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>> ---------------------------------------------------------------
>>
>> and ldapdelete doesn't work:
>> ---------------------------------------------------------------
>> $ ldapdelete -x -h ipasrv 'uid=user1,cn=users,cn=compat,dc=mydomain'
>> ldap_delete: No such object (32)
>>    matched DN: dc=mydomain
>> ---------------------------------------------------------------
>>
>> How can I remove 'user1' completely?
>>
> Compat tree (cn=compat,dc=mydomain) is a read-only tree which is
> generated based on the primary tree (in cn=accounts,dc=mydomain).
>
> If there is no entry in the primary tree, there wouldn't be any entry in
> compat tree because it only adds (or removes) entries based on their
> existence in the primary tree.
>
> What I see looks like a replication conflict that might have left an
> entry named
> uid=user1+nsuniqueid=<something>,cn=users,cn=accounts,dc=mydomain and
> which caused creation of this compat tree entry.
>
> Can you show output of ldapsearch -D cn=directory\ manager -W -b
> cn=accounts,dc=mydomain '(uid=user1*)' ?
> --
> / Alexander Bokovoy
>
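As an added example (not code from this thread, FreeIPA or 389-ds), a small Python script that parses ldapsearch LDIF output and flags entries of the kind Alexander describes: a multi-valued RDN carrying a `+nsuniqueid=` component, which 389 Directory Server also marks with the `nsds5ReplConflict` attribute. The LDIF below is constructed sample data, not output from the thread.

```python
import re
from typing import Dict, List

# Constructed sample: what an ldapsearch over cn=accounts might return when a
# replication conflict left a duplicate entry behind (not real output).
SAMPLE_LDIF = """\
dn: uid=user2,cn=users,cn=accounts,dc=mydomain
objectClass: posixaccount
uid: user2

dn: uid=user1+nsuniqueid=66446001-1dd211b2-66225886-2ee3d06b,cn=users,cn=accounts,dc=mydomain
objectClass: posixaccount
objectClass: ldapsubentry
nsds5ReplConflict: namingConflict uid=user1,cn=users,cn=accounts,dc=mydomain
uid: user1
"""


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal LDIF parser: splits records on blank lines, unfolds continuation
    lines and collects attribute -> values. Comment lines ('#') are skipped and
    base64 values ('::') are kept undecoded, which is enough for DN inspection."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry: Dict[str, List[str]] = {}
        # A line starting with a single space continues the previous line.
        unfolded = re.sub(r"\n ", "", block)
        for line in unfolded.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries


def find_conflict_entries(text: str) -> List[str]:
    """Return DNs of entries that look like 389-ds replication conflicts:
    an RDN with a '+nsuniqueid=' component, or an nsds5ReplConflict attribute."""
    conflicts = []
    for entry in parse_ldif(text):
        dn = entry["dn"][0]
        rdn = dn.split(",", 1)[0]
        if re.search(r"\+nsuniqueid=", rdn, re.IGNORECASE) or "nsds5replconflict" in entry:
            conflicts.append(dn)
    return conflicts


if __name__ == "__main__":
    for dn in find_conflict_entries(SAMPLE_LDIF):
        print("replication conflict entry:", dn)
```

Feed it the output of the ldapsearch Alexander asks for (`-b cn=accounts,dc=mydomain '(uid=user1*)'`) to see whether a conflict entry is what keeps the compat entry alive.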