By the way, all three replica servers show the same: [root@ipa]# ipa user-find --all --raw --login phys210e | grep dn: dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=xxxx,dc=abc,dc=ca
[root@ipa01]# ipa user-find --all --raw --login phys210e | grep dn: dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=xxxx,dc=abc,dc=ca [root@ipa02]# ipa user-find --all --raw --login phys210e | grep dn: dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=phys210e,cn=users,cn=accounts,dc=xxxx,dc=abc,dc=ca On 09/03/2014 12:26 PM, Rob Crittenden wrote: > Ron wrote: >> And here is the result of the user-show command: >> [root@ipa slapd-pxxx-abc-CA]# ipa user-show --all --raw phys210e >> ipa: ERROR: phys210e: user not found > Sorry, thinko on my part. Do ipa user-find --all --raw --login phys210e > > user-show is going to have the same issue as user-delete. > > rob > >> >> >> On 09/03/2014 10:43 AM, Rob Crittenden wrote: >>> Martin Kosek wrote: >>>> Can you check /var/log/dirsrv/slapd-YOUR-REALM/access, search for the DEL >>>> operation and see what was the error code that DS gave when it refused to >>>> delete the user? >>> Were I to guess the issue is that this is a replication conflict entry. >>> If you do: >>> >>> # ipa user-show --all --raw phys210e |grep dn: >>> >>> It will likely begin with nsuniqueid=<hex>, ... >>> >>> The reason it can be found and not deleted is we create the dn to be >>> removed, we don't search for it. So the user uid=phys210e,cn=users,... >>> etc doesn't exist but the user nsuniqueid=<hex> ... does. >>> >>> You'll need to use ldapmodify or ldapdelete to remove the entry though >>> I'd check your other masters to see what the state of the user is there. >>> >>> rob >>> >>>> Martin >>>> >>>> On 09/03/2014 06:18 PM, Ron wrote: >>>>> user-find sees a user but user-del cannot remove it. What can I do? >>>>> Thanks. >>>>> Regards, >>>>> Ron >>>>> >>>>> [root@ipa]# ipa user-find --login phys210e >>>>> -------------- >>>>> 1 user matched >>>>> -------------- >>>>> User login: phys210e >>>>> First name: Testing >>>>> Last name: Phys210 >>>>> Home directory: /home2/phys210e >>>>> Login shell: /bin/bash >>>>> Email address: [email protected] >>>>> UID: 15010 >>>>> GID: 15010 >>>>> Account disabled: False >>>>> Password: True >>>>> Kerberos keys available: False >>>>> ---------------------------- >>>>> Number of entries returned 1 >>>>> ---------------------------- >>>>> [root@ipa]# ipa user-del phys210e --continue >>>>> --------------- >>>>> Deleted user "" >>>>> --------------- >>>>> Failed to remove: phys210e >>>>> >>>>> >>>>> [root@ipa]# cat /etc/redhat-release >>>>> Red Hat Enterprise Linux Server release 6.5 (Santiago) >>>>> >>>>> [root@ipa]# rpm -qa|grep ipa; rpm -qa|grep 389 >>>>> ipa-pki-ca-theme-9.0.3-7.el6.noarch >>>>> ipa-admintools-3.0.0-37.el6.i686 >>>>> ipa-pki-common-theme-9.0.3-7.el6.noarch >>>>> libipa_hbac-1.9.2-129.el6_5.4.i686 >>>>> ipa-server-selinux-3.0.0-37.el6.i686 >>>>> python-iniparse-0.3.1-2.1.el6.noarch >>>>> libipa_hbac-python-1.9.2-129.el6_5.4.i686 >>>>> ipa-server-3.0.0-37.el6.i686 >>>>> ipa-python-3.0.0-37.el6.i686 >>>>> ipa-client-3.0.0-37.el6.i686 >>>>> 389-ds-base-libs-1.2.11.15-33.el6_5.i686 >>>>> 389-ds-base-1.2.11.15-33.el6_5.i686 >> >> -- >> Ron Parachoniak >> Systems Manager, Department of Physics & Astronomy >> University of British Columbia, Vancouver, B.C. V6T 1Z1 >> Phone: (604) 838-6437 >> -- Ron Parachoniak Systems Manager, Department of Physics & Astronomy University of British Columbia, Vancouver, B.C. V6T 1Z1 Phone: (604) 838-6437 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
