J N via FreeIPA-users wrote: >> Hi, >> >> On Tue, May 2, 2023 at 1:06 PM J N via FreeIPA-users < >> freeipa-users(a)lists.fedorahosted.org> wrote: >> >> the HBAC and sudo rules are automatically replicated, you only need to >> define them once (on any server, it can be the first master or a replica). >> HTH, >> flo > > > Thanks Flo. > > Btw, if you have any idea of to solve following problem: > $ ipa hbacrule-del test_rule > ipa: ERROR: The search criteria was not specific enough. Expected 1 and found > 2. > > $ ipa hbacrule-find > -------------------- > 2 HBAC rules matched > -------------------- > Rule name: test_rule > Host category: all > Service category: all > Description: test_rule > Enabled: True > > Rule name: test_rule > Host category: all > Service category: all > Description: test_rule > Enabled: True > ---------------------------- > Number of entries returned 2
One is probably a replication conflict entry. Add --all --raw to the command and look at the dn. If it contains nsUniqueId it's a conflict entry. If both entries are identical you can delete it using ldapdelete. otherwise for preservation purposes you'd want to add/remove anything missing from the non-conflict entry. Once you have it the way you want, then you can delete the conflict. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
