Hi Harald,
anything noticeable in the error logs when the problem occurred ?
(DB_DEADLOCK)
best regards
thierry
On 06/20/2018 02:56 PM, Harald Dunkel via FreeIPA-users wrote:
Hi folks,
something got corrupted in my ldap database (again). After running
% ipa user-mod --rename=bobk bobs
I get
% getent passwd bobs
% getent passwd bobk
%
The UID became unusable. (Highly painful, because this user is cut off
from EMails.) This is what I see:
% ipa user-find bobs
--------------
1 user matched
--------------
User login: bobk
First name: Bob
Last name: S
Home directory: /home/bobs
Login shell: /bin/bash
Principal alias: b...@example.de
Email address: b...@example.de
UID: 1032
GID: 100
Account disabled: False
----------------------------
Number of entries returned 1
----------------------------
% ipa user-find bobk
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
% ipa user-find --login bobk
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
% ipa user-find --login bobs
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
Neither login name is found. Using ldap some data is still
available:
% ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=de
'(uid=bobs)'
dn: uid=bobk,cn=users,cn=accounts,dc=example,dc=de
gecos: Bob S
displayName: Bob S
krbPrincipalName: b...@example.de
mepManagedEntry: cn=bobk,cn=groups,cn=accounts,dc=example,dc=de
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=example,dc=de
memberOf: cn=projects,cn=groups,cn=accounts,dc=example,dc=de
memberOf: cn=develop,cn=groups,cn=accounts,dc=example,dc=de
uid: bobk
krbLastSuccessfulAuth: 20180607201703Z
krbLoginFailedCount: 0
krbLastFailedAuth: 20180606135524Z
ipaUniqueID: 35292e46-ad70-11e5-8123-0016cc46e69a
givenName: Bob
mail: b...@example.de
homeDirectory: /home/bobs
sn: S
gidNumber: 100
initials: JS
uidNumber: 1032
loginShell: /bin/bash
objectClass: ipaobject
objectClass: person
objectClass: top
objectClass: ipasshuser
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: krbticketpolicyaux
objectClass: krbprincipalaux
objectClass: inetuser
objectClass: posixaccount
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
cn: Bob S
krbLastPwdChange: 20160104091328Z
krbPasswordExpiration: 20400825091328Z
krbExtraData:: AAK4N4pWanNjaHVsdGVAQUlYSUdPLkRFAA==
krbLastAdminUnlock: 20160314150305Z
% ldapsearch -LLL -Y GSSAPI -b
cn=users,cn=accounts,dc=example,dc=de '(uid=bobk)'
%
Using jxplorer I see the entry for "bobk" (on 2 replicas), but if I
try to
look inside I get an error popup "unable to perform read operation".
On the
other 4 replicas I see "bobs" (no problem here).
WTH? How can I cleanup this mess?
Every helpful comment is highly appreciated
Harri
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/UB477YJDVHK4242T54KHH65MCZONLCJF/
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/WTUZLBJ55CSKE4KFTMEHLL7GVQIKH66X/
