Yep! Rebooting is just what I needed. It just cleaned LDAP from user1. I could create 'user1' again within the FreeIPA web UI.

$ ldapsearch -x -h ipasrv uid=user1
# extended LDIF
#
# LDAPv3
# base <dc=mydomain> (default) with scope subtree
# filter: uid=user1
# requesting: ALL
#

# user1, users, compat, mydomain
dn: uid=user1,cn=users,cn=compat,dc=mydomain
cn: user one
objectClass: posixAccount
objectClass: top
gidNumber: 1034
gecos: user one
uidNumber: 1034
loginShell: /bin/bash
homeDirectory: /home/user1
uid: user1

# user1, users, accounts, mydomain
dn: uid=user1,cn=users,cn=accounts,dc=mydomain
displayName: user one
cn: user one
objectClass: ipaobject
objectClass: person
objectClass: top
objectClass: ipasshuser
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: krbticketpolicyaux
objectClass: krbprincipalaux
objectClass: inetuser
objectClass: posixaccount
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
objectClass: ipantuserattrs
loginShell: /bin/bash
initials: uo
gecos: user one
homeDirectory: /home/user1
uid: user1
givenName: user
sn: one
uidNumber: 1034
gidNumber: 1034
ipaNTSecurityIdentifier: S-1-5-21-1490379376-134147230-3409394544-1034

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

And after deleting it again:

$ ldapsearch -x -h ipasrv uid=user1
# extended LDIF
#
# LDAPv3
# base <dc=mydomain> (default) with scope subtree
# filter: uid=user1
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

I probably messed around a bit while configuring with IPA.

Thank you.

On Fri, Oct 2, 2015 at 10:04 AM, Alexander Bokovoy <[email protected]> wrote:

> On Thu, 01 Oct 2015, Fujisan wrote:
>
>> I get this:
>>
>> -----------------------------
>> $ ldapsearch -D cn=directory\ manager -W -b cn=accounts,dc=mydomain
>> '(uid=user1*)'
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=accounts,dc=mydomain> with scope subtree
>> # filter: (uid=user1*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 1
>> -----------------------------
>>
> as it should be, i.e. no entry.
>
> Can you restart LDAP server? If compat tree entry persists after
> restart, it means there is indeed somewhere an entry that is turned into
> the compat one and we then can analyse it more.
>
>
> --
> / Alexander Bokovoy
>

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
