Kathy Zhu wrote:
> Hi Rob, 
> 
> Thank you! That filter did the trick. There are 9 pTRRecord in the zone!
> See attached for details. What is the safe way to delete those "hidden"
> records? I assume that the zone can be deleted after those pTRRecord
> being deleted first. Many thanks. 

Use ldapdelete to remove the conflicts using the DN, e.g.:

$ ldapdelete -Y GSSAPI 'idnsName=200+nsuniqueid=0aa41606-f47811ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com'

rob
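
Added example, not part of the thread and not code from the FreeIPA project: with nine conflict entries in the zone, the DNs can be extracted from the ldapsearch output rather than retyped. The function unfolds the LDIF, keeps only DNs whose first RDN carries +nsuniqueid= and that end in the zone DN, and prints them for review before any delete; conflict_dns, sample_ldif, conflicts.txt and the second and third sample entries are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the thread. conflict_dns reads ldapsearch LDIF on
# stdin and prints the DNs of conflict entries located below the zone DN ($1).
conflict_dns() {
    awk -v base="$1" '
        # Inspect one unfolded LDIF line.
        function handle(line,    dn, low, lb, rdn, cut) {
            if (line ~ /^dn:: /) {          # base64-encoded DN: report, never guess
                print "skipped base64 DN: " line > "/dev/stderr"
                return
            }
            if (line !~ /^dn: /) return
            dn = substr(line, 5)
            low = tolower(dn); lb = tolower(base)
            rdn = low; sub(/,.*/, "", rdn)  # first RDN (assumes no escaped commas)
            if (index(rdn, "+nsuniqueid=") == 0) return   # ordinary record, keep it
            cut = length(low) - length(lb)
            # Only accept DNs ending in ",<zone DN>" so nothing outside the zone is listed.
            if (cut > 1 && substr(low, cut + 1) == lb && substr(low, cut, 1) == ",")
                print dn
        }
        /^ / { cur = cur substr($0, 2); next }   # LDIF continuation: append to previous line
        { if (NR > 1) handle(cur); cur = $0 }
        END { if (NR > 0) handle(cur) }
    '
}

ZONE='idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com'

# Constructed sample: the first DN is the one quoted in the thread (folded the
# way ldapsearch folds long lines); the other two entries are made up to show
# an ordinary record and a conflict entry that belongs to a different zone.
sample_ldif() {
    cat <<'EOF'
dn: idnsName=200+nsuniqueid=0aa41606-f47811ea-9c15fb86-bfdbf4a5,idnsname=15.0.
 10.in-addr.arpa.,cn=dns,dc=example,dc=com

dn: idnsName=7,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com

dn: idnsName=9+nsuniqueid=00000000-00000000-00000000-00000000,idnsname=16.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
EOF
}

# Offline demonstration: prints only the first DN, unfolded onto one line.
sample_ldif | conflict_dns "$ZONE"

# Against a live server (search as used in the thread, plus standard OpenLDAP
# options: -LLL for bare LDIF, "1.1" to request no attributes, ldapdelete -n
# for a dry run, -f to read the DNs from a file):
#   ldapsearch -Y GSSAPI -LLL -b "$ZONE" '(objectclass=ldapsubentry)' 1.1 \
#       | conflict_dns "$ZONE" > conflicts.txt
#   ldapdelete -Y GSSAPI -n -v -f conflicts.txt   # review, then rerun without -n
```
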

> 
> Kathy. 
> 
> [root@ipa0 ~]$ ldapsearch -Y GSSAPI -b idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> SASL/GSSAPI authentication started
> SASL username: ad...@example.com
> SASL SSF: 256
> SASL data security layer installed.
> # extended LDIF
> #
> # LDAPv3
> # base <idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # 15.0.10.in-addr.arpa., dns, example.com
> dn: idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> idnsSOAserial: 1630088951
> idnsZoneActive: FALSE
> idnsSOAminimum: 3600
> idnsSOAexpire: 1209600
> idnsSOAretry: 900
> idnsSOArefresh: 3600
> idnsAllowQuery: any;
> idnsSOArName: hostmaster
> idnsAllowDynUpdate: TRUE
> idnsSOAmName: ipa0.example.com.
> idnsName: 15.0.10.in-addr.arpa.
> idnsUpdatePolicy: grant EXAMPLE.COM krb5-subdomain 15.0.10.in-addr.arpa. PTR; grant dhcp-key wildcard * ANY;
> idnsAllowTransfer: none;
> objectClass: top
> objectClass: idnsrecord
> objectClass: idnszone
> nSRecord: ipa0.example.com.
> nSRecord: ipa2.example.com.
> nSRecord: ipa3.example.com.
> nSRecord: hou1-ipa1.example.com.
> nSRecord: sfo1-ipa1.example.com.
> nSRecord: hou2-ipa1.example.com.
> nSRecord: hq-ipa1.example.com.
> nSRecord: gcc2-ipa1.example.com.
>
> # search result
> search: 4
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> [root@ipa0 ~]$ ldapsearch -Y GSSAPI -b idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com '(objectclass=ldapsubentry)'
> SASL/GSSAPI authentication started
> SASL username: ad...@example.com
> SASL SSF: 256
> SASL data security layer installed.
> # extended LDIF
> #
> # LDAPv3
> # base <idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com> with scope subtree
> # filter: (objectclass=ldapsubentry)
> # requesting: ALL
> #
>
> # 200 + 0aa41606-f47811ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> dn: idnsName=200+nsuniqueid=0aa41606-f47811ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> pTRRecord: user9-laptop.example.com.
> dNSTTL: 300
> objectClass: idnsRecord
> objectClass: top
> objectClass: ldapsubentry
> idnsName: 200
>
> # 155 + f3e40606-f6a711ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> dn: idnsName=155+nsuniqueid=f3e40606-f6a711ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> pTRRecord: user7-laptop.example.com.
> dNSTTL: 300
> objectClass: idnsRecord
> objectClass: top
> objectClass: ldapsubentry
> idnsName: 155
>
> # 183 + c0f24006-f6b011ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> dn: idnsName=183+nsuniqueid=c0f24006-f6b011ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> pTRRecord: DESKTOP-test.example.com.
> dNSTTL: 300
> objectClass: idnsRecord
> objectClass: top
> objectClass: ldapsubentry
> idnsName: 183
>
> # 101 + 4a137207-f6c511ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> dn: idnsName=101+nsuniqueid=4a137207-f6c511ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> pTRRecord: test-laptop.example.com.
> dNSTTL: 300
> objectClass: idnsRecord
> objectClass: top
> objectClass: ldapsubentry
> idnsName: 101
>
> # 74 + 1ccac207-f6cd11ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> dn: idnsName=74+nsuniqueid=1ccac207-f6cd11ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> pTRRecord: jsmith-laptop.example.com.
> dNSTTL: 300
> objectClass: idnsRecord
> objectClass: top
> objectClass: ldapsubentry
> idnsName: 74
>
> # 63 + bdd08006-f79411ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> dn: idnsName=63+nsuniqueid=bdd08006-f79411ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> pTRRecord: kwang-laptop.example.com.
> dNSTTL: 300
> objectClass: idnsRecord
> objectClass: top
> objectClass: ldapsubentry
> idnsName: 63
>
> # 160 + ea49d205-f85011ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> dn: idnsName=160+nsuniqueid=ea49d205-f85011ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> pTRRecord: john-laptop.example.com.
> dNSTTL: 300
> objectClass: idnsRecord
> objectClass: top
> objectClass: ldapsubentry
> idnsName: 160
>
> # 32 + e7f77005-f87011ea-9c15fb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> dn: idnsName=32+nsuniqueid=e7f77005-f87011ea-9c15fb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> pTRRecord: key10-laptop.example.com.
> dNSTTL: 300
> objectClass: idnsRecord
> objectClass: top
> objectClass: ldapsubentry
> idnsName: 32
>
> # 66 + 3fc5b812-c04911eb-b84afb86-bfdbf4a5, 15.0.10.in-addr.arpa., dns, example.com
> dn: idnsName=66+nsuniqueid=3fc5b812-c04911eb-b84afb86-bfdbf4a5,idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
> pTRRecord: load8-laptop.example.com.
> dNSTTL: 300
> objectClass: idnsRecord
> objectClass: top
> objectClass: ldapsubentry
> idnsName: 66
>
> # search result
> search: 4
> result: 0 Success
>
> # numResponses: 10
> # numEntries: 9
>
> [root@ipa0 ~]$
> 
> 
> On Fri, Aug 27, 2021 at 9:58 AM Rob Crittenden <rcrit...@redhat.com> wrote:
>
>     Kathy Zhu wrote:
>     > Hi Rob,
>     >
>     > There are 5 more reverse zones which can not be deleted as well. IPA
>     > said "Not allowed on non-leaf entry". Though that is the same complaint,
>     > however, there are no "glue, extensibleobject" objectclasses associated
>     > with those 5 zones. Please see attached for details. I like to have
>     > those deleted as well.
>
>     389 seems to think there are records under those even though IPA isn't
>     seeing them. 389 doesn't show conflict values. I think I'd try
>     ldapsearch to see if there is anything below it.
>
>     kinit admin
>     ldapsearch -Y GSSAPI -b idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
>
>     If nothing then add this filter to the end, '(objectclass=ldapsubentry)'
>
>     rob
> 
>     >
>     > Thanks.
>     >
>     > Kathy.
>     >
>     > [root@ipa0 export-ipa-data]# ipa dnsrecord-find 15.0.10.in-addr.arpa. --all
>     >   dn: idnsname=15.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
>     >   Record name: @
>     >   NS record: ipa0.example.com., ipa2.example.com., ipa3.example.com., hou1-ipa1.example.com., sfo1-ipa1.example.com., hou2-ipa1.example.com., hq-
>     >              ipa1.example.com., gcc2-ipa1.example.com.
>     >   idnsallowdynupdate: TRUE
>     >   idnsallowquery: any;
>     >   idnsallowtransfer: none;
>     >   idnssoaexpire: 1209600
>     >   idnssoaminimum: 3600
>     >   idnssoamname: ipa0.example.com.
>     >   idnssoarefresh: 3600
>     >   idnssoaretry: 900
>     >   idnssoarname: hostmaster
>     >   idnssoaserial: 1629023582
>     >   idnsupdatepolicy: grant EXAMPLE.COM krb5-subdomain 15.0.10.in-addr.arpa. PTR; grant dhcp-key wildcard * ANY;
>     >   idnszoneactive: FALSE
>     >   objectclass: top, idnsrecord, idnszone
>     > ----------------------------
>     > Number of entries returned 1
>     > ----------------------------
>     >
>     > [root@ipa0 export-ipa-data]# ipa dnsrecord-find 14.0.10.in-addr.arpa. --all
>     >   dn: idnsname=14.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
>     >   Record name: @
>     >   NS record: ipa0.example.com., ipa2.example.com., ipa3.example.com., hou1-ipa1.example.com., sfo1-ipa1.example.com., hou2-ipa1.example.com., hq-
>     >              ipa1.example.com., gcc2-ipa1.example.com.
>     >   idnsallowdynupdate: TRUE
>     >   idnsallowquery: any;
>     >   idnsallowtransfer: none;
>     >   idnssoaexpire: 1209600
>     >   idnssoaminimum: 3600
>     >   idnssoamname: ipa0.example.com.
>     >   idnssoarefresh: 3600
>     >   idnssoaretry: 900
>     >   idnssoarname: hostmaster
>     >   idnssoaserial: 1629023582
>     >   idnsupdatepolicy: grant EXAMPLE.COM krb5-subdomain 14.0.10.in-addr.arpa. PTR; grant dhcp-key wildcard * ANY;
>     >   idnszoneactive: FALSE
>     >   objectclass: top, idnsrecord, idnszone
>     > ----------------------------
>     > Number of entries returned 1
>     > ----------------------------
>     >
>     > [root@ipa0 export-ipa-data]# ipa dnsrecord-find 13.0.10.in-addr.arpa. --all
>     >   dn: idnsname=13.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
>     >   Record name: @
>     >   NS record: ipa0.example.com., ipa2.example.com., ipa3.example.com., hou1-ipa1.example.com., sfo1-ipa1.example.com., hou2-ipa1.example.com., hq-
>     >              ipa1.example.com., gcc2-ipa1.example.com.
>     >   idnsallowdynupdate: TRUE
>     >   idnsallowquery: any;
>     >   idnsallowtransfer: none;
>     >   idnssoaexpire: 1209600
>     >   idnssoaminimum: 3600
>     >   idnssoamname: ipa0.example.com.
>     >   idnssoarefresh: 3600
>     >   idnssoaretry: 900
>     >   idnssoarname: hostmaster
>     >   idnssoaserial: 1629023582
>     >   idnsupdatepolicy: grant EXAMPLE.COM krb5-subdomain 13.0.10.in-addr.arpa. PTR; grant dhcp-key wildcard * ANY;
>     >   idnszoneactive: FALSE
>     >   objectclass: top, idnsrecord, idnszone
>     > ----------------------------
>     > Number of entries returned 1
>     > ----------------------------
>     >
>     > [root@ipa0 export-ipa-data]# ipa dnsrecord-find 12.0.10.in-addr.arpa. --all
>     >   dn: idnsname=12.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
>     >   Record name: @
>     >   NS record: ipa0.example.com., ipa2.example.com., ipa3.example.com., hou1-ipa1.example.com., sfo1-ipa1.example.com., hou2-ipa1.example.com., hq-
>     >              ipa1.example.com., gcc2-ipa1.example.com.
>     >   idnsallowdynupdate: TRUE
>     >   idnsallowquery: any;
>     >   idnsallowtransfer: none;
>     >   idnssoaexpire: 1209600
>     >   idnssoaminimum: 3600
>     >   idnssoamname: ipa0.example.com.
>     >   idnssoarefresh: 3600
>     >   idnssoaretry: 900
>     >   idnssoarname: hostmaster
>     >   idnssoaserial: 1629023582
>     >   idnsupdatepolicy: grant EXAMPLE.COM krb5-subdomain 12.0.10.in-addr.arpa. PTR; grant dhcp-key wildcard * ANY;
>     >   idnszoneactive: FALSE
>     >   objectclass: top, idnsrecord, idnszone
>     > ----------------------------
>     > Number of entries returned 1
>     > ----------------------------
>     >
>     > [root@ipa0 export-ipa-data]# ipa dnsrecord-find 0.0.10.in-addr.arpa. --all
>     >   dn: idnsname=0.0.10.in-addr.arpa.,cn=dns,dc=example,dc=com
>     >   Record name: @
>     >   NS record: ipa0.example.com., ipa2.example.com., ipa3.example.com., hou1-ipa1.example.com., sfo1-ipa1.example.com., hou2-ipa1.example.com., hq-
>     >              ipa1.example.com., gcc2-ipa1.example.com.
>     >   idnsallowdynupdate: TRUE
>     >   idnsallowquery: any;
>     >   idnsallowtransfer: none;
>     >   idnssoaexpire: 1209600
>     >   idnssoaminimum: 3600
>     >   idnssoamname: ipa0.example.com.
>     >   idnssoarefresh: 3600
>     >   idnssoaretry: 900
>     >   idnssoarname: hostmaster.example.com.
>     >   idnssoaserial: 1629023582
>     >   idnsupdatepolicy: grant EXAMPLE.COM krb5-subdomain 0.0.10.in-addr.arpa. PTR; grant dhcp-key wildcard * ANY;
>     >   idnszoneactive: FALSE
>     >   objectclass: top, idnsrecord, idnszone
>     > ----------------------------
>     > Number of entries returned 1
>     > ----------------------------
>     >
>     > [root@ipa0 export-ipa-data]#
>     >
>     >
>     > On Thu, Aug 19, 2021 at 6:08 PM Kathy Zhu <k...@nuro.ai> wrote:
>     >
>     >     Yes, I want to delete the zone. I tried a few ways, none worked so far.
>     >
>     >     On Thu, Aug 19, 2021 at 5:15 PM Rob Crittenden <rcrit...@redhat.com> wrote:
>     >
>     >         Kathy Zhu via FreeIPA-users wrote:
>     >         > Hi List,
>     >         >
>     >         > When I run ipa-healthcheck on all of our ipa servers, they all reported
>     >         > following:
>     >         >
>     >         > [root@ipa0 ~]# ipa-healthcheck --failures-only --output-type human
>     >         > ERROR: ipahealthcheck.ds.replication.ReplicationConflictCheck.idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com: Replication conflict
>     >         > [root@ipa0 ~]#
>     >         > [root@ipa0 ~]# ipa-healthcheck --failures-only
>     >         > [
>     >         >   {
>     >         >     "source": "ipahealthcheck.ds.replication",
>     >         >     "kw": {
>     >         >       "msg": "Replication conflict",
>     >         >       "glue": true,
>     >         >       "conflict": "deletedEntryHasChildren",
>     >         >       "key": "idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com"
>     >         >     },
>     >         >     "uuid": "3027f742-4b7b-4a20-9650-a5a030699480",
>     >         >     "duration": "0.002318",
>     >         >     "when": "20210819234114Z",
>     >         >     "check": "ReplicationConflictCheck",
>     >         >     "result": "ERROR"
>     >         >   }
>     >         > ]
>     >         > [root@ipa0 ~]#
>     >         > [root@ipa0 ~]# ipa dnsrecord-find 1.1.10.in-addr.arpa. --sizelimit=99999 --all --structured
>     >         >   dn: idnsname=1.1.10.in-addr.arpa.,cn=dns,dc=example,dc=com
>     >         >   Record name: @
>     >         >   Records:
>     >         >     Record type: NS
>     >         >     Record data: ipa1.example.com.
>     >         >     NS Hostname: ipa1.example.com.
>     >         >   idnsallowdynupdate: TRUE
>     >         >   idnsallowquery: any;
>     >         >   idnsallowtransfer: none;
>     >         >   idnssoaexpire: 1209600
>     >         >   idnssoaminimum: 3600
>     >         >   idnssoamname: ipa0.example.com.
>     >         >   idnssoarefresh: 3600
>     >         >   idnssoaretry: 900
>     >         >   idnssoarname: hostmaster
>     >         >   idnssoaserial: 1629023582
>     >         >   idnsupdatepolicy: grant EXAMPLE.COM krb5-subdomain 1.1.10.in-addr.arpa. PTR; grant dhcp-key wildcard * ANY;
>     >         >   idnszoneactive: FALSE
>     >         >   objectclass: top, idnsrecord, idnszone, glue, extensibleobject
>     >         > ----------------------------
>     >         > Number of entries returned 1
>     >         > ----------------------------
>     >         > [root@ipa0 ~]#
>     >         >
>     >         > Notice above, glue is true! After googling, I found following:
>     >         >
>     >         > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/ipa-replica-manage#Solving_Orphan_Entry_Conflicts
>     >         >
>     >         > https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/managing_replication-solving_common_replication_conflicts#Solving_Common_Replication_Conflicts-Solving_Orphan_Entry_Conflicts
>     >         >
>     >         > The explanation made sense to me. However, I do not know what happened
>     >         > to get us into this situation.
>     >         >
>     >         > A good zone displays objectclass like this:
>     >         >
>     >         > objectclass: top, idnsrecord, idnszone
>     >         >
>     >         > Note, no "glue, extensibleobject" there.
>     >         >
>     >         > This zone can not be deleted since "Not allowed on non-leaf entry". Any
>     >         > ideas to delete this zone?
>     >
>     >         Do you want to delete the zone?
>     >
>     >         rob
>     >
> 
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org