On to, 08 elo 2019, Sandor Juhasz via FreeIPA-users wrote:
The question was how to refer user entity as it has two dn in the accounts
and compat trees.
You should ignore compat tree when using ipa CLI. It doesn't look there
at all and compat tree entry is always regenerated when changes happen
t
The question was how to refer user entity as it has two dn in the accounts
and compat trees.
Anyway. I have done the manual detach, because i found that solution
suggested by someone here
on the list and i was stupid enough not to further investigate.
I was able to fix all broken entities with rea
Sandor Juhasz via FreeIPA-users wrote:
> I was able to cheat it on the replica where the user was not partially
> deleted.
> I had to recreate and reattach the deleted group.
> Then detach it with
> ipa group-detach
> Then delete the user.
> Then the replication took care of the rest of the master
I was able to cheat it on the replica where the user was not partially
deleted.
I had to recreate and reattach the deleted group.
Then detach it with
ipa group-detach
Then delete the user.
Then the replication took care of the rest of the masters and purged the
remainders.
Any idea how to do it ea
You have found the key i guess - related to the mepmanagedentry. The issue
can be reproduced.
Detaching and deleting the managed group results in the not deletable user.
Now the question is, how do i get out of it?
--
*Sándor Juhász*
System Administrator
*ChemAxon* *Kft*.
Building Hx, GraphiSoft Pa
Many cases for service users the matching group was created by either error
or mistake.
Where those service users are mostly under some group collecting them, also
assigned
as GID.
So the leftovers were detached and deleted, so there is less confusion.
So far there were no issues like this.
--
*Sán
Sandor Juhasz wrote:
> Was detached and deleted prior to the user's deletion.
> First modified by
> dn: cn=,cn=groups,cn=accounts,dc=cxn
> changetype: modify
> delete: objectclass
> objectclass: mepManagedEntry
> -
> delete: mepManagedBy
>
> Then deleted.
I don't know if this is the issue or not
Was detached and deleted prior to the user's deletion.
First modified by
dn: cn=,cn=groups,cn=accounts,dc=cxn
changetype: modify
delete: objectclass
objectclass: mepManagedEntry
-
delete: mepManagedBy
Then deleted.
--
*Sándor Juhász*
System Administrator
*ChemAxon* *Kft*.
Building Hx, GraphiSoft P
Sandor Juhasz via FreeIPA-users wrote:
> We have an entry, what after clicking delete on the UI got partially
> deleted.
> The compat tree entry is gone.
> The accounts tree entry is there.
> ldapsearch finds the entry by uid, but does fail by dn.
> ipa user-show finds the user
> ipa user-del say