[Freeipa-users] Deleting a duplicate user

Alexander Bokovoy abokovoy at redhat.com
Tue Aug 23 19:51:16 UTC 2016


On Tue, 23 Aug 2016, Alexander Bokovoy wrote:
>On Tue, 23 Aug 2016, Zak Wolfinger wrote:
>>We were in the final stages of migrating FreeIPA from 3.0 to 4.2.
>>During the migration, both the 3.0 replicas and the 4.2 replicas were
>>in the replica pool.  User account changes made to 3.0 would replicate
>>to 4.2 just fine, but changes wouldn’t replicate from 4.2 to 3.0.
>>
>>Admins should have been aware of this and performing all changes to the
>>3.0 replicas.  However 2 accounts were created on the 4.2 replicas and
>>then also added to the 3.0 replicas.  This resulted in a replication
>>conflict and each user account has a duplicate with the same username
>>but different UIDs.
>>
>>I want to delete the duplicates.  “ipa user-del” will not take the UID
>>as an identifier, only the username.  Using just the username fails
>>with an error due to the duplicate accounts.
>>
>>The old 3.0 replicas have all been removed from the pool and
>>decommissioned.  It would be tons of work to bring them back into
>>production.
>>
>>Any thoughts on how to fix this issue?
>You can delete the wrong entry using ldapdelete.
>
>Search for the records with 'ipa user-find' first:
>
>[root ipa]# ipa user-find --all --raw --login myuser | grep dn:
> dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=myuser,cn=users,cn=accounts,dc=xxxx,dc=exampe,dc=com
>
>This gives you a DN of the conflict entry. Now you can delete it with
>ldapdelete:
>
>[root ipa]# ldapdelete -Y GSSPAI nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=myuser,cn=users,cn=accounts,dc=xxxx,dc=exampe,dc=com
s/GSSPAI/GSSAPI/, of course.

-- 
/ Alexander Bokovoy
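
An added example, not part of the original message: a shell filter that reads `ipa user-find --all --raw` output and lists only DNs of the `nsuniqueid=...+uid=...` conflict form shown above, then prints the matching `ldapdelete -Y GSSAPI` commands for review instead of running them. The function names, the sample output and the `dc=example,dc=test` suffix are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pick out replication-conflict DNs.

# Constructed sample of `ipa user-find --all --raw --login myuser` output.
sample_output() {
cat <<'EOF'
--------------
2 users matched
--------------
  dn: uid=myuser,cn=users,cn=accounts,dc=example,dc=test
  uid: myuser
  uidnumber: 1000001

  dn: nsuniqueid=11111111-22222222-33333333-44444444+uid=myuser,cn=users,cn=accounts,dc=example,dc=test
  uid: myuser
  uidnumber: 1000002
EOF
}

# stdin: raw user-find output; $1: login. Prints only DNs whose first RDN is
# nsuniqueid=<id>+uid=<login>, so the ordinary uid=<login> entry is never listed.
conflict_dns() {
    awk -v login="$1" '
        /^[ \t]*dn:[ \t]/ {
            sub(/^[ \t]*dn:[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            rdn = $0; sub(/,.*/, "", rdn)          # first RDN only
            if (split(rdn, p, "[+]") != 2) next    # must be two-valued
            if (tolower(p[1]) !~ /^nsuniqueid=[0-9a-f]+-[0-9a-f]+-[0-9a-f]+-[0-9a-f]+$/) next
            if (tolower(p[2]) != ("uid=" tolower(login))) next
            print
        }'
}

# Print (do not run) one ldapdelete command per conflict DN for review.
delete_commands() {
    conflict_dns "$1" | while IFS= read -r dn; do
        printf "ldapdelete -Y GSSAPI '%s'\n" "$dn"
    done
}

sample_output | delete_commands myuser
```

On a real server the input would come from `ipa user-find --all --raw --login <login>` piped into `delete_commands <login>`.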



