[Freeipa-users] User stuck in preserved

Wed, 05 Oct 2022 13:29:24 -0700 

Hi FreeIPA users,
    I've got a username in the preserved list that is bugged.   If you try to 
search for the record on the web UI it throws an error, but still shows a 
record in the result table.  On the UI the error is in a dialog box that reads: 
"Operations Error" with "Some operations failed.".  In the 
/var/log/dirsrv/slapd-REDACTED/errors file the error is:

[05/Oct/2022:13:20:01.492580320 -0400] - WARN - deref-plugin - 
deref_do_deref_attr - conn=3223751 op=105 - failed to retrieve the entry 
[uid=redacted=users,cn=accounts,dc=acc,dc=redacted,dc=org], although the entry 
exists

Tried to manually restore and manually delete with no luck:

ipa user-undel redacted
ipa: ERROR: redacted: user not found

ipa user-del redacted
ipa: ERROR: redacted: user not found

kadmin.local:  delprinc redacted
Are you sure you want to delete the principal "redacted@REDACTED"? (yes/no): yes
delete_principal: Kerberos database constraints violated while deleting 
principal "redacted@REDACTED"



ldapsearch -Y GSSAPI -LL -b "uid=redacted,cn=deleted 
users,cn=accounts,cn=provisioning,dc=acc,dc=redacted,dc=org"
SASL/GSSAPI authentication started
SASL username: redacted@REDACTED
SASL SSF: 256
SASL data security layer installed.
version: 1
No such object (32)
Matched DN: cn=deleted 
users,cn=accounts,cn=provisioning,dc=acc,dc=redacted,dc=org
# Note the above LDAP query finds other preserved users fine


The username is NOT bugged no the other replicas.  However, "ipa-replica-manage 
list" suggests sync is working fine. 

Similar, but I think different: 
https://lists.fedoraproject.org/archives/list/[email protected]/thread/2WXQWI6KNAD4GEILHL4ZDXMUDOO34VQC/#2WXQWI6KNAD4GEILHL4ZDXMUDOO34VQC

I'm using the Red Hat Identity Manager version 4.6.8-5.el7_9.9 flavor of 
FreeIPA.

Ideas?

Thanks,

Ryan
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to