> -----Original Message----- > From: Ludwig Krispenz [mailto:lkris...@redhat.com] > Sent: Wednesday, April 29, 2015 10:59 AM > To: Andy Thompson > Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com > Subject: Re: [Freeipa-users] deleting ipa user > > > On 04/29/2015 04:49 PM, Andy Thompson wrote: > >> -----Original Message----- > >> From: Ludwig Krispenz [mailto:lkris...@redhat.com] > >> Sent: Wednesday, April 29, 2015 10:51 AM > >> To: Andy Thompson > >> Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com > >> Subject: Re: [Freeipa-users] deleting ipa user > >> > >> did you run the searches as directory manager ? > >> > > Yep sure did > that's weird, as directory manager you should be able to see the > nscpentrywsi attribute, could you paste your full search request ? > >
This returns the object ldapsearch -LLL -o ldif-wrap=no -H ldap://mdhixnpipa02 -x -D "cn=directory manager" -W -b "dc=..." "(&(objectclass=nstombstone)(nsuniqueid=7e1a1f87-e82611e4-99f1b343-f0abc1a8))" | grep -i objectClass This returns nothing ldapsearch -LLL -o ldif-wrap=no -H ldap://mdhixnpipa02 -x -D "cn=directory manager" -W -b "dc=..." "(&(objectclass=nstombstone)(nsuniqueid=7e1a1f87-e82611e4-99f1b343-f0abc1a8))" nscpentrywsi | grep -i objectClass > > > > > >> On 04/29/2015 04:34 PM, Andy Thompson wrote: > >>>> -----Original Message----- > >>>> From: Ludwig Krispenz [mailto:lkris...@redhat.com] > >>>> Sent: Wednesday, April 29, 2015 10:28 AM > >>>> To: Andy Thompson > >>>> Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com > >>>> Subject: Re: [Freeipa-users] deleting ipa user > >>>> > >>>> can you do the followin search on both servers ? > >>>> > >>>> ldapsearch -LLL -o ldif-wrap=no -h xxx p xxx -x -D > >>>> "cn=directory manager" - w xxx -b "dc=xxx.... " > >>>> "(&(objectclass=nstombstone)(nsuniqueid=7e1a1f87-e82611e4- > >> 99f1b343- > >>>> f0abc1a8))" > >>>> nscpentrywsi | grep -i objectClass > >>> The server that I initially attempted the deletion on returns nothing. > >>> The second server (the one currently throwing the consumer failed > >>> replay error) returns this if I remove the nscpentrywsi attribute > >>> filter. If I leave the attribute filter I don't get anything > >>> > >>> objectClass: posixgroup > >>> objectClass: ipaobject > >>> objectClass: mepManagedEntry > >>> objectClass: top > >>> objectClass: nsTombstone > >>> > >>> -andy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project