-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IPA failure in ipa user-del --preserve (rawhide): This entry already exists #4894
Comments
Companion issue on IPA side: https://pagure.io/freeipa/issue/8976 |
There has been a single change recently here with 9cf2517b5e so I wonder if that's part of the impact here? It affects the subtree in which we searched for entries to compare, so that would check out with the symptoms you describe here .... |
@Firstyear good catch. Indeed, I think the fix #4763 is invalid. The 'target' used in the fix is just to prevent that the operation fails because of source/target entry itself, it has nothing to do with the scope that is configured at plugin level. I will comment #4763 |
Bug Description: Starting with 389-ds 2.0.8 on rawhide, any call to ipa user-del --preserve fails with This entry already exists. Fix Description: We should split 'dn' parameter in searchAllSubtrees into parent and target. As one of them is used for excluding the subtree checks and another one for searching. Improve 'superior' processing when we don't change the parent. Rename variables in a more sane way. Fixes: #4894 Reviewed by: @Firstyear, @tbordaz, @progier389 (Thanks!)
Bug Description: Starting with 389-ds 2.0.8 on rawhide, any call to ipa user-del --preserve fails with This entry already exists. Fix Description: We should split 'dn' parameter in searchAllSubtrees into parent and target. As one of them is used for excluding the subtree checks and another one for searching. Improve 'superior' processing when we don't change the parent. Rename variables in a more sane way. Fixes: #4894 Reviewed by: @Firstyear, @tbordaz, @progier389 (Thanks!)
Bug Description: Starting with 389-ds 2.0.8 on rawhide, any call to ipa user-del --preserve fails with This entry already exists. Fix Description: We should split 'dn' parameter in searchAllSubtrees into parent and target. As one of them is used for excluding the subtree checks and another one for searching. Improve 'superior' processing when we don't change the parent. Rename variables in a more sane way. Fixes: #4894 Reviewed by: @Firstyear, @tbordaz, @progier389 (Thanks!)
Issue Description
Starting with 389-ds 2.0.8 on rawhide, any call to
ipa user-del --preserve
fails withThis entry already exists
.See for instance in PR #1128 the test
testing-fedora/test_user_permissions
: logs, report:Package Version and Platform:
Steps to Reproduce
Steps to reproduce the behavior:
ipa-server-install --domain ipa.test --realm IPA.TEST --setup-dns --auto-forwarders -a Secret123 -p Secret123 -U
kinit admin; ipa user-add idmuser --first idmuser --last idmuser
ipa user-del idmuser --preserve
Additional information:
Adding
nsslapd-errorlog-level: 65536
we can see the issue happens in NSUniqueAttribute plugin.Access log:
Error log:
Configuration of attr uniqueness plugin for ipaUniqueID:
There was an update in 2.0.8 related to attr uniqueness plugin, maybe worth checking if it's related: #4763
The text was updated successfully, but these errors were encountered: