> J N via FreeIPA-users wrote:
>
> One is probably a replication conflict entry. Add --all --raw to the
> command and look at the dn. If it contains nsUniqueId it's a conflict
> entry. If both entries are identical you can delete it using ldapdelete.
> Otherwise for preservation purposes you'd want to add/remove anything
> missing from the non-conflict entry. Once you have it the way you want,
> then you can delete the conflict.
>
> rob

$ ipa hbacrule-find --all --raw
--------------------
2 HBAC rules matched
--------------------
  dn: ipaUniqueID=ae750172-e8e0-11ed-a25b-020017076333,cn=hbac,dc=lab,dc=local
  cn: test_rule
  hostcategory: all
  servicecategory: all
  description: Test rule
  ipaenabledflag: TRUE
  accessRuleType: allow
  ipaUniqueID: ae750172-e8e0-11ed-a25b-020017076333
  objectClass: ipaassociation
  objectClass: ipahbacrule

  dn: ipaUniqueID=ae89c6ca-e8e0-11ed-ae60-020017018325,cn=hbac,dc=lab,dc=local
  cn: test_rule
  hostcategory: all
  servicecategory: all
  description: Test rule
  ipaenabledflag: TRUE
  accessRuleType: allow
  ipaUniqueID: ae89c6ca-e8e0-11ed-ae60-020017018325
  objectClass: ipaassociation
  objectClass: ipahbacrule

Trying to delete using ldapdelete:

$ kinit admin
Password for [email protected]
$ ldapdelete -x -H ldap://ipa.lab.local "ipaUniqueID=6fda040a-e8f2-11ed-a130-020017076333,cn=hbac,dc=lab,dc=local" -W
Enter LDAP Password:
ldap_delete: Insufficient access (50)
        additional info: Insufficient 'delete' privilege to delete the entry 'ipaUniqueID=6fda040a-e8f2-11ed-a130-020017076333,cn=hbac,dc=lab,dc=local'.
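
The DN check from the quoted reply, applied to `ipa hbacrule-find --all --raw` output, as an added example that is not part of the original message: it flags DNs that contain nsUniqueId and lists rule names shared by entries that do not. The sample input is constructed from the two DNs in the post plus one made-up conflict entry, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the post's two DNs plus one made-up conflict entry.
SAMPLE = """\
--------------------
3 HBAC rules matched
--------------------
  dn: ipaUniqueID=ae750172-e8e0-11ed-a25b-020017076333,cn=hbac,dc=lab,dc=local
  cn: test_rule

  dn: ipaUniqueID=ae89c6ca-e8e0-11ed-ae60-020017018325,cn=hbac,dc=lab,dc=local
  cn: test_rule

  dn: ipaUniqueID=00000000-0000-0000-0000-000000000001+nsuniqueid=00000000-00000000-00000000-00000001,cn=hbac,dc=lab,dc=local
  cn: other_rule
"""

def parse_entries(text):
    """Split `--all --raw` output into one attr -> [values] dict per entry."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9;-]+):\s*(.*)$", line)
        if not m:
            continue  # separator, summary or blank line
        attr, value = m.group(1).lower(), m.group(2)
        if attr == "dn":
            entries.append(defaultdict(list))  # a dn line starts a new entry
        if entries:
            entries[-1][attr].append(value)
    return entries

def is_conflict(dn):
    """The check from the reply: a conflict entry carries nsUniqueId in its DN."""
    return "nsuniqueid=" in dn.lower()

def triage(text):
    """Return (conflict DNs, {cn: [DNs]} for names held by 2+ ordinary entries)."""
    conflicts, by_cn = [], defaultdict(list)
    for entry in parse_entries(text):
        dn = entry["dn"][0]
        if is_conflict(dn):
            conflicts.append(dn)
            continue
        for cn in entry.get("cn", []):
            by_cn[cn].append(dn)
    return conflicts, {cn: dns for cn, dns in by_cn.items() if len(dns) > 1}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the two `test_rule` DNs from the post come back as same-named ordinary entries, and only the made-up third entry is reported as a conflict.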
