Here is what is in the /var/log/dirsrv/slapd-YOUR-REALM/access... logfile:

conn=17342 fd=86 slot=86 connection from 142.103.xxx.xx to 142.103.xxx.xx
conn=17342 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
conn=17342 op=0 RESULT err=14 tag=97 nentries=0 etime=1, SASL bind in progress
conn=17342 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
conn=17342 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
conn=17342 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI
conn=17342 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=pxxx,dc=abc,dc=ca"
conn=17342 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=pxxx,dc=abc,dc=ca" scope=0 filter="(objectClass=*)" attrs=ALL
conn=17342 op=3 RESULT err=0 tag=101 nentries=1 etime=0
conn=17342 op=4 SRCH base="cn=users,cn=accounts,dc=pxxx,dc=abc,dc=ca" scope=1 filter="(&(objectClass=posixaccount)(memberOf=cn=admins,cn=groups,cn=accounts,dc=pxxx,dc=abc,dc=ca))" attrs="telephoneNumber sshpubkeyfp uid title loginShell uidNumber gidNumber sn homeDirectory mail givenName nsAccountLock"
conn=17342 op=4 RESULT err=0 tag=101 nentries=1 etime=0
conn=17342 op=5 SRCH base="uid=admin,cn=users,cn=accounts,dc=pxxx,dc=abc,dc=ca" scope=0 filter="(userPassword=*)" attrs="userPassword"
conn=17342 op=5 RESULT err=0 tag=101 nentries=1 etime=0
conn=17342 op=6 SRCH base="uid=admin,cn=users,cn=accounts,dc=pxxx,dc=abc,dc=ca" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey"
conn=17342 op=6 RESULT err=0 tag=101 nentries=1 etime=0
conn=17342 op=7 SRCH base="uid=admin,cn=users,cn=accounts,dc=pxxx,dc=abc,dc=ca" scope=0 filter="(objectClass=*)" attrs="ipaSshPubKey"
conn=17342 op=7 RESULT err=0 tag=101 nentries=1 etime=0
conn=17342 op=8 DEL dn="uid=phys210e,cn=users,cn=accounts,dc=pxxx,dc=abc,dc=ca"
conn=17342 op=8 RESULT err=32 tag=107 nentries=0 etime=0
conn=17342 op=9 UNBIND
conn=17342 op=9 fd=86 closed - U1

And here is the result of the user-show command:

[root@ipa slapd-pxxx-abc-CA]# ipa user-find --login phys210e
--------------
1 user matched
--------------
  User login: phys210e
  First name: Testing
  Last name: Phys210
  Home directory: /home2/phys210e
  Login shell: /bin/bash
  Email address: phys2...@pxxx.abc.ca
  UID: 15010
  GID: 15010
  Account disabled: False
  Password: True
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
[root@ipa slapd-pxxx-abc-CA]# ipa user-show --all --raw phys210e
ipa: ERROR: phys210e: user not found

On 09/03/2014 10:43 AM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> Can you check /var/log/dirsrv/slapd-YOUR-REALM/access, search for the DEL
>> operation and see what was the error code that DS gave when it refused to
>> delete the user?
> Were I to guess the issue is that this is a replication conflict entry.
> If you do:
>
> # ipa user-show --all --raw phys210e |grep dn:
>
> It will likely begin with nsuniqueid=<hex>, ...
>
> The reason it can be found and not deleted is we create the dn to be
> removed, we don't search for it. So the user uid=phys210e,cn=users,...
> etc doesn't exist but the user nsuniqueid=<hex> ... does.
>
> You'll need to use ldapmodify or ldapdelete to remove the entry though
> I'd check your other masters to see what the state of the user is there.
>
> rob
>
>> Martin
>>
>> On 09/03/2014 06:18 PM, Ron wrote:
>>> user-find sees a user but user-del cannot remove it. What can I do?
>>> Thanks.
>>> Regards,
>>> Ron
>>>
>>> [root@ipa]# ipa user-find --login phys210e
>>> --------------
>>> 1 user matched
>>> --------------
>>> User login: phys210e
>>> First name: Testing
>>> Last name: Phys210
>>> Home directory: /home2/phys210e
>>> Login shell: /bin/bash
>>> Email address: phys2...@pxxx.abc.ca
>>> UID: 15010
>>> GID: 15010
>>> Account disabled: False
>>> Password: True
>>> Kerberos keys available: False
>>> ----------------------------
>>> Number of entries returned 1
>>> ----------------------------
>>> [root@ipa]# ipa user-del phys210e --continue
>>> ---------------
>>> Deleted user ""
>>> ---------------
>>> Failed to remove: phys210e
>>>
>>>
>>> [root@ipa]# cat /etc/redhat-release
>>> Red Hat Enterprise Linux Server release 6.5 (Santiago)
>>>
>>> [root@ipa]# rpm -qa|grep ipa; rpm -qa|grep 389
>>> ipa-pki-ca-theme-9.0.3-7.el6.noarch
>>> ipa-admintools-3.0.0-37.el6.i686
>>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>>> libipa_hbac-1.9.2-129.el6_5.4.i686
>>> ipa-server-selinux-3.0.0-37.el6.i686
>>> python-iniparse-0.3.1-2.1.el6.noarch
>>> libipa_hbac-python-1.9.2-129.el6_5.4.i686
>>> ipa-server-3.0.0-37.el6.i686
>>> ipa-python-3.0.0-37.el6.i686
>>> ipa-client-3.0.0-37.el6.i686
>>> 389-ds-base-libs-1.2.11.15-33.el6_5.i686
>>> 389-ds-base-1.2.11.15-33.el6_5.i686

--
Ron Parachoniak
Systems Manager, Department of Physics & Astronomy
University of British Columbia, Vancouver, B.C. V6T 1Z1
Phone: (604) 838-6437
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
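
Added example (not part of the original thread, and not FreeIPA or 389-ds code): the check requested in the thread, finding the DEL operation in the access log and reading the error code the directory server returned, written as a small Python parser that also records which identity the connection was bound as. The sample lines are constructed in the format shown above; the DNs in them are placeholders.

```python
import re
from collections import namedtuple

# RFC 4511 result codes relevant to a refused delete.
LDAP_RESULT = {0: "success", 32: "noSuchObject",
               50: "insufficientAccessRights", 66: "notAllowedOnNonLeaf"}
OP_RE = re.compile(r'conn=(\d+) op=(\d+) (DEL|RESULT)\b(.*)')
DN_RE = re.compile(r'dn="([^"]*)"')
ERR_RE = re.compile(r'\berr=(\d+)')
BIND_TAG_RE = re.compile(r'\btag=97\b')  # 97 = LDAP BindResponse
FailedDelete = namedtuple("FailedDelete", "conn op target err meaning bound_as")

# Constructed sample in the format shown in the thread; DNs are placeholders.
SAMPLE = """\
conn=7 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,dc=example,dc=test"
conn=7 op=1 DEL dn="uid=alice,cn=users,dc=example,dc=test"
conn=7 op=1 RESULT err=32 tag=107 nentries=0 etime=0
conn=7 op=2 DEL dn="uid=bob,cn=users,dc=example,dc=test"
conn=7 op=2 RESULT err=0 tag=107 nentries=0 etime=0
"""


def failed_deletes(lines):
    """Pair every DEL with its RESULT and return the deletes the server refused."""
    pending, bound, failures = {}, {}, []
    for line in lines:
        m = OP_RE.search(line)  # search() tolerates a leading timestamp
        if not m:
            continue
        conn, op, kind, rest = int(m[1]), int(m[2]), m[3], m[4]
        dn = DN_RE.search(rest)
        if kind == "DEL":
            if dn:
                pending[(conn, op)] = dn[1]  # remember the DN the client asked to remove
            continue
        err = ERR_RE.search(rest)
        if err is None:
            continue
        code = int(err[1])
        if code == 0 and dn and BIND_TAG_RE.search(rest):
            bound[conn] = dn[1]  # identity the connection authenticated as
        target = pending.pop((conn, op), None)
        if target is not None and code != 0:
            failures.append(FailedDelete(conn, op, target, code,
                                         LDAP_RESULT.get(code, "other"),
                                         bound.get(conn, "")))
    return failures
```

Calling `failed_deletes(open(path))` on a real access log returns one tuple per refused delete; an `err=32` result means the server found no entry at the DN named in the request.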