[Freeipa-users] User removed from IPA but still present in LDAP, so cannot him again in IPA web UI

Fujisan fujisan43 at gmail.com
Fri Oct 2 08:35:15 UTC 2015


Yep! Rebooting is just what I needed.
It just cleaned LDAP from user1. I could create 'user1' again within the
FreeIPA web UI.

$ ldapsearch -x -h ipasrv uid=user1
# extended LDIF
#
# LDAPv3
# base <dc=mydomain> (default) with scope subtree
# filter: uid=user1
# requesting: ALL
#

# user1, users, compat, mydomain
dn: uid=user1,cn=users,cn=compat,dc=mydomain
cn: user one
objectClass: posixAccount
objectClass: top
gidNumber: 1034
gecos: user one
uidNumber: 1034
loginShell: /bin/bash
homeDirectory: /home/user1
uid: user1

# user1, users, accounts, mydomain
dn: uid=user1,cn=users,cn=accounts,dc=mydomain
displayName: user one
cn: user one
objectClass: ipaobject
objectClass: person
objectClass: top
objectClass: ipasshuser
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: krbticketpolicyaux
objectClass: krbprincipalaux
objectClass: inetuser
objectClass: posixaccount
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
objectClass: ipantuserattrs
loginShell: /bin/bash
initials: uo
gecos: user one
homeDirectory: /home/user1
uid: user1
givenName: user
sn: one
uidNumber: 1034
gidNumber: 1034
ipaNTSecurityIdentifier: S-1-5-21-1490379376-134147230-3409394544-1034

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2


And after deleting it again:

$ ldapsearch -x -h ipasrv uid=user1
# extended LDIF
#
# LDAPv3
# base <dc=mydomain> (default) with scope subtree
# filter: uid=user1
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

I probably messed around a bit while configuring with IPA.

Thank you.


On Fri, Oct 2, 2015 at 10:04 AM, Alexander Bokovoy <abokovoy at redhat.com>
wrote:

> On Thu, 01 Oct 2015, Fujisan wrote:
>
>> I get this:
>>
>> -----------------------------
>> $ ldapsearch -D cn=directory\ manager -W -b cn=accounts,dc=mydomain
>> '(uid=user1*)'
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=accounts,dc=mydomain> with scope subtree
>> # filter: (uid=user1*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 1
>> -----------------------------
>>
> as it should be, i.e. no entry.
>
> Can you restart LDAP server? If compat tree entry persists after
> restart, it means there is indeed somewhere an entry that is turned into
> the compat one and we then can analyse it more.
>
>
> --
> / Alexander Bokovoy
>
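
The check this thread does by eye, as an added example that is not part of the original messages: it reads `ldapsearch` LDIF output and lists uids that are still served from `cn=users,cn=compat` with no matching entry under `cn=users,cn=accounts`, which is the stale state a deleted account was left in here. The function names and the sample LDIF are constructed for illustration; only the DN layout is taken from the output in the message.

```python
import base64
import re

# Constructed sample (not output from the thread): user1 was deleted from
# cn=accounts but a copy is still served from cn=compat; user2 is intact.
SAMPLE_LDIF = """\
dn: uid=user1,cn=users,cn=compat,dc=mydomain
objectClass: posixAccount
uid: user1

dn: uid=user2,cn=users,cn=compat,dc=mydomain
objectClass: posixAccount
uid: user2

dn: uid=user2,cn=users,cn=accounts,dc=mydomain
objectClass: posixaccount
uid: user2
"""

DN_RE = re.compile(r"uid=([^,]+),cn=users,cn=(compat|accounts),", re.I)


def parse_dns(ldif):
    """Return every DN in LDIF text, handling folded and base64 DNs."""
    dns = []
    # LDIF wraps long lines; a continuation line starts with one space.
    for line in re.sub(r"\n ", "", ldif).splitlines():
        if line.startswith("dn:: "):      # base64-encoded DN
            dns.append(base64.b64decode(line[5:]).decode("utf-8"))
        elif line.startswith("dn: "):
            dns.append(line[4:].strip())
    return dns


def stale_compat_users(ldif):
    """uids present in the compat tree but absent from the accounts tree."""
    seen = {"compat": set(), "accounts": set()}
    for dn in parse_dns(ldif):
        m = DN_RE.match(dn)
        if m:
            seen[m.group(2).lower()].add(m.group(1).lower())
    return sorted(seen["compat"] - seen["accounts"])


if __name__ == "__main__":
    print(stale_compat_users(SAMPLE_LDIF))
```

To use it on real data, pass the text printed by a subtree search such as the `ldapsearch -x -h ipasrv uid=user1` in the message to `stale_compat_users()`.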