Hi folks,
something got corrupted in my ldap database (again). After running
% ipa user-mod --rename=bobk bobs
I get
% getent passwd bobs
% getent passwd bobk
%
The UID became unusable. (Highly painful, because this user is cut off
from email.) This is what I see:
% ipa user-find bobs
--------------
1 user matched
--------------
User login: bobk
First name: Bob
Last name: S
Home directory: /home/bobs
Login shell: /bin/bash
Principal alias: bobk@EXAMPLE.DE
Email address: bobs@example.de
UID: 1032
GID: 100
Account disabled: False
----------------------------
Number of entries returned 1
----------------------------
% ipa user-find bobk
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
% ipa user-find --login bobk
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
% ipa user-find --login bobs
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
Neither login name is found. Using LDAP, some data is still
available:
% ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=de '(uid=bobs)'
dn: uid=bobk,cn=users,cn=accounts,dc=example,dc=de
gecos: Bob S
displayName: Bob S
krbPrincipalName: bobk@EXAMPLE.DE
mepManagedEntry: cn=bobk,cn=groups,cn=accounts,dc=example,dc=de
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=example,dc=de
memberOf: cn=projects,cn=groups,cn=accounts,dc=example,dc=de
memberOf: cn=develop,cn=groups,cn=accounts,dc=example,dc=de
uid: bobk
krbLastSuccessfulAuth: 20180607201703Z
krbLoginFailedCount: 0
krbLastFailedAuth: 20180606135524Z
ipaUniqueID: 35292e46-ad70-11e5-8123-0016cc46e69a
givenName: Bob
mail: bobs@example.de
homeDirectory: /home/bobs
sn: S
gidNumber: 100
initials: JS
uidNumber: 1032
loginShell: /bin/bash
objectClass: ipaobject
objectClass: person
objectClass: top
objectClass: ipasshuser
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: krbticketpolicyaux
objectClass: krbprincipalaux
objectClass: inetuser
objectClass: posixaccount
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
cn: Bob S
krbLastPwdChange: 20160104091328Z
krbPasswordExpiration: 20400825091328Z
krbExtraData:: AAK4N4pWanNjaHVsdGVAQUlYSUdPLkRFAA==
krbLastAdminUnlock: 20160314150305Z
% ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=de '(uid=bobk)'
%
Using jxplorer I see the entry for "bobk" (on 2 replicas), but if I try to
look inside I get an error popup "unable to perform read operation". On the
other 4 replicas I see "bobs" (no problem here).
WTH? How can I clean up this mess?
Every helpful comment is highly appreciated.
Harri