On 08/01/2014 11:56 AM, Tomas Babej wrote:
On 08/01/2014 11:42 AM, [email protected] wrote:
Hi:
I follow command found from here and want to del priate group but
fail any idea?
It said line 5 attribute error , any synta xwrong?
ldapsearch -LLL -Y GSSAPI cn=barry
ldapmodify -Y GSSAPI <<EOF
dn: cn=barry,cn=groups,cn=accounts,dc=abc,dc=com
changetype: modify
delete: objectclass
objectclass: mepManagedEntry
delete: mepManagedBy
dn: cn=barry,cn=groups,cn=accounts,dc=abcdc=com
changetype: delete
EOF
You need to first delete the mepManagedBy attribute, since it is
allowed by the mepManagedEntry objectclass, and then removing the
objectclass itself.
you should be able to do this in one modify operation, if the attribute
is a required attribute you even have to do it in one mod. Schema
checking is done after all the mods of an operations are applied. In the
original mod I think the separator of sub operations is missing, it
should be:
dn: cn=barry,cn=groups,cn=accounts,dc=abc,dc=com
changetype: modify
delete: objectclass
objectclass: mepManagedEntry
-
delete: mepManagedBy
Performing the operations in reverse order leaves you with
mepManagedBy in the entry, which is not allowed by any objectclass.
#!RESULT OK
#!DATE 2014-08-01T09:53:38.820
dn:
cn=random,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
changetype: modify
delete: mepManagedBy
-
#!RESULT OK
#!DATE 2014-08-01T09:53:45.511
dn:
cn=random,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
changetype: modify
delete: objectClass
objectClass: mepManagedEntry
-
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
