Sandor Juhasz wrote: > Was detached and deleted prior to the user's deletion. > First modified by > dn: cn=<USERID>,cn=groups,cn=accounts,dc=cxn > changetype: modify > delete: objectclass > objectclass: mepManagedEntry > - > delete: mepManagedBy > > Then deleted.
I don't know if this is the issue or not but the user still shows: objectClass: mepOriginEntry mepManagedEntry: cn=<USERID>,cn=groups,cn=accounts,dc=cxn What led you to manually disconnect the group? rob > -- > *Sándor Juhász* > System Administrator > *ChemAxon* *Kft*. > Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 > Cell: +36704258964 > > > On Wed, Aug 7, 2019 at 3:58 PM Rob Crittenden <rcrit...@redhat.com > <mailto:rcrit...@redhat.com>> wrote: > > Sandor Juhasz via FreeIPA-users wrote: > > We have an entry, what after clicking delete on the UI got partially > > deleted. > > The compat tree entry is gone. > > The accounts tree entry is there. > > ldapsearch finds the entry by uid, but does fail by dn. > > ipa user-show <USERID> finds the user > > ipa user-del <USERID> says no such user > > ldapdelete fails to delete the entry by dn with err=32 > > Web ui shows user > > User content can be modified from ipa cli and web ui - like name, > shell, > > but cannot be deleted > > Other entries can be created and deleted without issue. > > We have 4way master-master replication. Tried cli on 3 and got same > > result and issue. > > The third is not touched and the entry is available there both > accounts > > and compat tree. > > > > > > ipa-server-4.6.4-10.el7.centos.3.x86_64 > > CentOS Linux release 7.6.1810 (Core) > > > > On full broken master: > > # <USERID>, users, accounts, cxn > > dn: uid=<USERID>,cn=users,cn=accounts,dc=cxn > > gecos: FOO BAR > > displayName: FOO BAR > > krbLastAdminUnlock: 20190807124134Z > > krbLoginFailedCount: 0 > > memberOf: cn=ipausers,cn=groups,cn=accounts,dc=cxn > > memberOf: cn=somegroup1,cn=groups,cn=accounts,dc=cxn > > memberOf: cn=somegroupt2,cn=groups,cn=accounts,dc=cxn > > gidNumber: <GID> > > uidNumber: <UID> > > ipaUniqueID: <RANDOMUNIQUEID> > > cn: BAZ > > givenName: FOO > > krbPrincipalName: <USERID>@CXN > > mail: <MAIL> > > homeDirectory: /home/<USERID> > > sn: BAR > > initials: cU > > loginShell: /bin/false > > objectClass: ipaobject > > objectClass: person > > objectClass: top > > objectClass: ipasshuser > > objectClass: inetorgperson > > objectClass: organizationalperson > > objectClass: krbticketpolicyaux > > objectClass: krbprincipalaux > > objectClass: inetuser > > objectClass: posixaccount > > objectClass: ipaSshGroupOfPubKeys > > objectClass: mepOriginEntry > > krbCanonicalName: <USERID>@CXN > > uid: <USERID> > > mepManagedEntry: cn=<USERID>,cn=groups,cn=accounts,dc=cxn > > krbPasswordExpiration: 20170615133527Z > > krbLastPwdChange: 20170615133527Z > > krbExtraData:: AAIfjUJZcm9vdC9hZG1pbkBDWE4A > > Can you check to see if the group entry exists, > cn=<USERID>,cn=groups,cn=accounts,dc=cxn via ldapsearch? > > rob > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org