[Freeipa-users] deleting ipa user

Wed Apr 29 17:15:02 UTC 2015

> -----Original Message-----
> From: thierry bordaz [mailto:tbordaz at redhat.com]
> Sent: Wednesday, April 29, 2015 1:07 PM
> To: Andy Thompson
> Cc: Ludwig Krispenz; Martin Kosek; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] deleting ipa user
> 
> On 04/29/2015 06:45 PM, Andy Thompson wrote:
> 
> 
> 		-----Original Message-----
> 		From: thierry bordaz [mailto:tbordaz at redhat.com]
> 		Sent: Wednesday, April 29, 2015 12:28 PM
> 		To: Andy Thompson
> 		Cc: Ludwig Krispenz; Martin Kosek; freeipa-
> users at redhat.com <mailto:freeipa-users at redhat.com>
> 		Subject: Re: [Freeipa-users] deleting ipa user
> 
> 		On 04/29/2015 05:58 PM, Andy Thompson wrote:
> 
> 
> 					dn:
> 					nsuniqueid=7e1a1f87-e82611e4-
> 99f1b343-
> 
> 				f0abc1a8,cn=username,cn=groups,c
> 
> 					n=accounts,dc=mhbenp,dc=lin
> 					nscpentrywsi: dn:
> 					nsuniqueid=7e1a1f87-e82611e4-
> 99f1b343-
> 
> 				f0abc1a8,cn=username,cn=groups,c
> 
> 					n=accounts,dc=mhbenp,dc=lin
> 					nscpentrywsi: objectClass;vucsn-
> 		55364a42000500040000: posixgroup
> 					nscpentrywsi: objectClass;vucsn-
> 		55364a42000500040000: ipaobject
> 					nscpentrywsi: objectClass;vucsn-
> 		55364a42000500040000:
> 
> 				mepManagedEntry
> 
> 					nscpentrywsi: objectClass;vucsn-
> 		55364a42000500040000: top
> 					nscpentrywsi: objectClass;vucsn-
> 		5540deb8000300030000: nsTombstone
> 					nscpentrywsi:
> 					cn;vucsn-
> 55364a42000500040000;mdcsn-
> 		55364a42000500040000: gfeigh
> 					nscpentrywsi: gidNumber;vucsn-
> 		55364a42000500040000: 1249000003
> 					nscpentrywsi: description;vucsn-
> 		55364a42000500040000: User private
> 					group for username
> 					nscpentrywsi:
> mepManagedBy;vucsn-
> 		55364a42000500040000: uid=
> 
> 	username,cn=users,cn=accounts,dc=mhbenp,dc=lin
> 					nscpentrywsi: creatorsName;vucsn-
> 		55364a42000500040000: cn=Managed
> 					Entries,cn=plugins,cn=config
> 					nscpentrywsi: modifiersName;vucsn-
> 		55364a42000500040000: cn=Managed
> 					Entries,cn=plugins,cn=config
> 					nscpentrywsi:
> createTimestamp;vucsn-
> 		55364a42000500040000:
> 					20150421130152Z
> 					nscpentrywsi:
> modifyTimestamp;vucsn-
> 		55364a42000500040000:
> 					20150421130152Z
> 					nscpentrywsi: nsUniqueId: 7e1a1f87-
> e82611e4-
> 		99f1b343-f0abc1a8
> 					nscpentrywsi: ipaUniqueID;vucsn-
> 		55364a42000500040000:
> 					94dc1638-e826-11e4-878a-
> 005056a92af3
> 					nscpentrywsi: parentid: 4
> 					nscpentrywsi: entryid: 385
> 					nscpentrywsi: nsParentUniqueId:
> 3763f193-
> 		e76411e4-99f1b343-f0abc1a8
> 					nscpentrywsi: nstombstonecsn:
> 		5540deb8000300030000
> 					nscpentrywsi: nscpEntryDN:
> 
> 
> 	cn=username,cn=groups,cn=accounts,dc=mhbenp,dc=lin
> 					nscpentrywsi: entryusn: 52327
> 
> 					thought I tried that before,
> apparently not.
> 
> 				ok, so we have the entry on one server, the
> csn of the
> 		objectclass:
> 				tombstone is :
> 
> 				objectClass;vucsn-5540deb8000300030000:
> nsTombstone
> 
> 				, which matches the csn in the error log:
> 
> 				Consumer failed to replay change (uniqueid
> 7e1a1f87-
> 		e82611e4-99f1b343-
> 				f0abc1a8, CSN 5540deb8000300030000):
> Operations error (1)
> 		so the state of
> 				the entry is as expected.
> 
> 				Now we nend to find it on the other server. If
> the search for
> 		the & filter with
> 				nstombstone does return nothing, could you
> try
> 
> 
> 			If I run ldapsearch -LLL -o ldif-wrap=no -H
> ldap://mdhixnpipa01 -x -D
> 		"cn=directory manager" -W  -b "dc=mhbenp,dc=lin"
> 		"(&(objectclass=nstombstone))" I get below.  If I add
> nsuniqueid to the filter
> 		it returns nothing on the primary server
> 
> 			dn: nsuniqueid=7e1a1f82-e82611e4-99f1b343-
> 
> 	f0abc1a8,uid=username,cn=users,cn=accounts,dc=mhbenp,dc=lin
> 			memberOf:
> cn=ipausers,cn=groups,cn=accounts,dc=mhbenp,dc=lin
> 			memberOf: ipaUniqueID=3897c894-e764-11e4-b05b-
> 		005056a92af3,cn=hbac,dc=mhbenp,dc=lin
> 			ipaNTSecurityIdentifier: S-1-5-21-1257946092-
> 587846975-4124201916-
> 		1003
> 			krbLastSuccessfulAuth: 20150421180533Z
> 			krbPasswordExpiration: 20150720180532Z
> 			userPassword::
> 
> 	e1NIQTUxMn1wekx2TytqSG9YQWkwL1RMWitXcE44dmFRRnFEWUJ3
> U3lrMTJ
> 
> 	ab2ErNUdwakdWTVBnSzlJK0txdWF2b0pXdjZKbVZuZjdWb2txbG04NX
> piWVh
> 		qTXQxUT09
> 			krbExtraData::
> AAJskTZVa2FkbWluZEBNSEJFTlAuTElOAA==
> 			krbPrincipalKey::
> 
> 	MIIBnKADAgEBoQMCAQGiAwIBA6MDAgEBpIIBhDCCAYAwaKAbMB
> mgAwIB
> 
> 	AKESBBBNSEJFTlAuTElOZ2ZlaWdooUkwR6ADAgESoUAEPiAA10A0LqF
> 2hLTC5E
> 
> 	P9ArjKyMvDEuNh7SFNR7uvAba4+sh8WRRVbT7DMByrlPvn1A
> 
> 	0miart7lTDnRh89BAbMFigGzAZoAMCAQChEgQQTUhCRU5QLkxJTmd
> 
> 	mZWlnaKE5MDegAwIBEaEwBC4QAAc6BbDvPFsSAeCRjrt2yDkm0fiQ
> WTt++y/l
> 
> 	bFKDbSkZYSJpFnzSRaaIWW0AMGCgGzAZoAMCAQChEgQQTUhCRU5
> QLkxJT
> 		mdmZWlnaKFBMD
> 
> 	+gAwIBEKE4BDYYACTz15wnIUghoNOEkvYZJUbcrXhAyFQsW4OpxTCz
> 
> 	xInn+33pOsEXPlsdsYfc6uJeVl2bN/IwWKAbMBmgAwIBAKESBBBNSEJ
> FTlAuTEl
> 
> 	OZ2ZlaWdooTkwN6ADAgEXoTAELhAAE9mQlmMsVmCvtRwKXdSf9b7
> CFCi4qZ
> 		jwMj1cTwzD1FH6/IbmDSvRMUVw8wE=
> 			krbLoginFailedCount: 0
> 			krbTicketFlags: 128
> 			krbLastPwdChange: 20150421180532Z
> 			krbLastFailedAuth: 20150421180457Z
> 			mepManagedEntry:
> 		cn=username,cn=groups,cn=accounts,dc=mhbenp,dc=lin
> 			displayName: user name
> 			cn: User Name
> 			objectClass: ipaobject
> 			objectClass: person
> 			objectClass: top
> 			objectClass: ipasshuser
> 			objectClass: inetorgperson
> 			objectClass: organizationalperson
> 			objectClass: krbticketpolicyaux
> 			objectClass: krbprincipalaux
> 			objectClass: inetuser
> 			objectClass: posixaccount
> 			objectClass: ipaSshGroupOfPubKeys
> 			objectClass: mepOriginEntry
> 			objectClass: ipantuserattrs
> 			objectClass: nsTombstone
> 			loginShell: /bin/bash
> 			initials: GF
> 			gecos: User Name
> 			homeDirectory: /home/username
> 			uid: username
> 			mail: username at mhbenp.lin
> <mailto:username at mhbenp.lin>  <mailto:username at mhbenp.lin>
> <mailto:username at mhbenp.lin>
> 			krbPrincipalName: username at MHBENP.LIN
> <mailto:username at MHBENP.LIN>
> 		<mailto:username at MHBENP.LIN>
> <mailto:username at MHBENP.LIN>
> 			givenName: User
> 			sn: name
> 			ipaUniqueID: 94d31f06-e826-11e4-878a-005056a92af3
> 			uidNumber: 1249000003
> 			gidNumber: 1249000003
> 			nsParentUniqueId: 3763f192-e76411e4-99f1b343-
> f0abc1a8
> 
> 
> 
> 		In fact, nsuniqueid does not appear in this entry. It is a
> distinguished RDN but
> 		is missing. Did you run the command with 'nscpentrywsi'
> requested attribute.
> 		May be nsuniqueid was hidden for that reason but I would
> be surprised.
> 
> 		nsuniqueid is a key element of replication. I wonder how
> replication can find
> 		the entry itself. nsuniqueid could be in the index but then
> the entry is
> 		corrupted.
> 
> 
> 
> 
> 	If I request the nscpentrywsi attribute I get
> 
> 	dn: nsuniqueid=7e1a1f82-e82611e4-99f1b343-
> f0abc1a8,uid=username,cn=users,cn=accounts,dc=mhbenp,dc=lin
> 	nscpentrywsi: dn: nsuniqueid=7e1a1f82-e82611e4-99f1b343-
> f0abc1a8,uid=username,cn=users,cn=accounts,dc=mhbenp,dc=lin
> 	nscpentrywsi: modifyTimestamp;adcsn-
> 5540be0c000200040002;vucsn-5540be0c000200040002: 20150429111607Z
> 	nscpentrywsi: modifiersName;adcsn-5540be0c000200040001;vucsn-
> 5540be0c000200040001: uid=admin,cn=users,cn=accounts,dc=mhbenp,dc=lin
> 	nscpentrywsi: nsAccountLock;adcsn-5540be0c000200040000;vucsn-
> 5540be0c000200040000: TRUE
> 	nscpentrywsi: memberOf;adcsn-5537c2f5000200040000;vucsn-
> 5537c2f5000200040000:
> cn=ipausers,cn=groups,cn=accounts,dc=mhbenp,dc=lin
> 	nscpentrywsi: memberOf;vucsn-5537c2f5000200040000:
> ipaUniqueID=3897c894-e764-11e4-b05b-
> 005056a92af3,cn=hbac,dc=mhbenp,dc=lin
> 	nscpentrywsi: ipaNTSecurityIdentifier;adcsn-
> 5537a1b1000300040001;vucsn-5537a1b1000300040001: S-1-5-21-1257946092-
> 587846975-4124201916-1003
> 	nscpentrywsi: krbLastSuccessfulAuth;adcsn-
> 55369202000100040000;vucsn-55369202000100040000: 20150421180533Z
> 	nscpentrywsi: passwordGraceUserTime;adcsn-
> 55369200000400040000;vucsn-55369200000400040000: 0
> 	nscpentrywsi: krbPasswordExpiration;adcsn-
> 55369200000200040006;vucsn-55369200000200040006: 20150720180532Z
> 	nscpentrywsi: userPassword;adcsn-55369200000200040005;vucsn-
> 55369200000200040005:
> {SHA512}pzLvO+jHoXAi0/TLZ+WpN8vaQFqDYBwSyk12Zoa+5GpjGVMPgK9I+
> KquavoJWv6JmVnf7Vokqlm85zbYXjMt1Q==
> 	nscpentrywsi: krbExtraData;adcsn-55369200000200040004;vucsn-
> 55369200000200040004:: AAJskTZVa2FkbWluZEBNSEJFTlAuTElOAA==
> 	nscpentrywsi: krbPrincipalKey;adcsn-55369200000200040003;vucsn-
> 55369200000200040003::
> MIIBnKADAgEBoQMCAQGiAwIBA6MDAgEBpIIBhDCCAYAwaKAbMBmgAwIB
> AKESBBBNSEJFTlAuTElOZ2ZlaWdooUkwR6ADAgESoUAEPiAA10A0LqF2hLTC5E
> P9ArjKyMvDEuNh7SFNR7uvAba4+sh8WRRVbT7DMByrlPvn1A0miart7lTDnRh
> 89BAbMFigGzAZoAMCAQChEgQQTUhCRU5QLkxJTmdmZWlnaKE5MDegAwIB
> EaEwBC4QAAc6BbDvPFsSAeCRjrt2yDkm0fiQWTt++y/lbFKDbSkZYSJpFnzSRaaI
> WW0AMGCgGzAZoAMCAQChEgQQTUhCRU5QLkxJTmdmZWlnaKFBMD+gAw
> IBEKE4BDYYACTz15wnIUghoNOEkvYZJUbcrXhAyFQsW4OpxTCzxInn+33pOsEX
> PlsdsYfc6uJeVl2bN/IwWKAbMBmgAwIBAKESBBBNSEJFTlAuTElOZ2ZlaWdooT
> kwN6ADAgEXoTAELhAAE9mQlmMsVmCvtRwKXdSf9b7CFCi4qZjwMj1cTwzD1
> FH6/IbmDSvRMUVw8wE=
> 	nscpentrywsi: krbLoginFailedCount;adcsn-
> 55369200000200040002;vucsn-55369200000200040002: 0
> 	nscpentrywsi: krbTicketFlags;adcsn-55369200000200040001;vucsn-
> 55369200000200040001: 128
> 	nscpentrywsi: krbLastPwdChange;adcsn-
> 55369200000200040000;vucsn-55369200000200040000: 20150421180532Z
> 	nscpentrywsi: krbLastFailedAuth;adcsn-
> 553691dd000000040000;vucsn-553691dd000200040003: 20150421180457Z
> 	nscpentrywsi: mepManagedEntry;vucsn-55364a42000700040000:
> cn=username,cn=groups,cn=accounts,dc=mhbenp,dc=lin
> 	nscpentrywsi: displayName;vucsn-55364a42000100040000:
> UserName
> 	nscpentrywsi: cn;vucsn-55364a42000100040000: UserName
> 	nscpentrywsi: objectClass;vucsn-55364a42000100040000: ipaobject
> 	nscpentrywsi: objectClass;vucsn-55364a42000100040000: person
> 	nscpentrywsi: objectClass;vucsn-55364a42000100040000: top
> 	nscpentrywsi: objectClass;vucsn-55364a42000100040000: ipasshuser
> 	nscpentrywsi: objectClass;vucsn-55364a42000100040000:
> inetorgperson
> 	nscpentrywsi: objectClass;vucsn-55364a42000100040000:
> organizationalperson
> 	nscpentrywsi: objectClass;vucsn-55364a42000100040000:
> krbticketpolicyaux
> 	nscpentrywsi: objectClass;vucsn-55364a42000100040000:
> krbprincipalaux
> 	nscpentrywsi: objectClass;vucsn-55364a42000100040000: inetuser
> 	nscpentrywsi: objectClass;vucsn-55364a42000100040000:
> posixaccount
> 	nscpentrywsi: objectClass;vucsn-55364a42000100040000:
> ipaSshGroupOfPubKeys
> 	nscpentrywsi: objectClass;vucsn-55364a42000600040000:
> mepOriginEntry
> 	nscpentrywsi: objectClass;vucsn-5537a1b1000300040000:
> ipantuserattrs
> 	nscpentrywsi: objectClass;vucsn-5540deb8000000030000:
> nsTombstone
> 	nscpentrywsi: loginShell;vucsn-55364a42000100040000: /bin/bash
> 	nscpentrywsi: initials;vucsn-55364a42000100040000: GF
> 	nscpentrywsi: gecos;vucsn-55364a42000100040000: UserName
> 	nscpentrywsi: homeDirectory;vucsn-55364a42000100040000:
> /home/username
> 	nscpentrywsi: uid;vucsn-55364a42000100040000;mdcsn-
> 55364a42000100040000: username
> 	nscpentrywsi: mail;vucsn-55364a42000100040000:
> username at mhbenp.lin <mailto:username at mhbenp.lin>
> 	nscpentrywsi: krbPrincipalName;vucsn-55364a42000100040000:
> username at MHBENP.LIN <mailto:username at MHBENP.LIN>
> 	nscpentrywsi: givenName;vucsn-55364a42000100040000: Gregg
> 	nscpentrywsi: sn;vucsn-55364a42000100040000: Name
> 	nscpentrywsi: creatorsName;vucsn-55364a42000100040000:
> uid=admin,cn=users,cn=accounts,dc=mhbenp,dc=lin
> 	nscpentrywsi: createTimestamp;vucsn-55364a42000100040000:
> 20150421130152Z
> 	nscpentrywsi: nsUniqueId: 7e1a1f82-e82611e4-99f1b343-f0abc1a8
> 	nscpentrywsi: ipaUniqueID;vucsn-55364a42000100040000: 94d31f06-
> e826-11e4-878a-005056a92af3
> 	nscpentrywsi: parentid: 3
> 	nscpentrywsi: entryid: 385
> 	nscpentrywsi: uidNumber: 1249000003
> 	nscpentrywsi: gidNumber: 1249000003
> 	nscpentrywsi: nsParentUniqueId: 3763f192-e76411e4-99f1b343-
> f0abc1a8
> 	nscpentrywsi: nstombstonecsn: 5540deb8000000030000
> 	nscpentrywsi: nscpEntryDN:
> uid=username,cn=users,cn=accounts,dc=mhbenp,dc=lin
> 	nscpentrywsi: entryusn: 57524
> 	nscpentrywsi: passwordHistory;adcsn-55369200000500040000;vdcsn-
> 55369200000500040000;deletedattribute;deleted:
> 
> 
> Ok, so here is my understanding:
> on the second replica (where you succeed to do 'ipa user-del <username>' )
> the entry is looking:

Sorry that was from the replica where I tried to do the delete and failed.  This is from the second replica where I successfully deleted the entry but now has the "failed to replay change" error being logged.  I've run so many queries I'm starting to lose track :)

dn: nsuniqueid=7e1a1f82-e82611e4-99f1b343-f0abc1a8,uid=username,cn=users,cn=accounts,dc=mhbenp,dc=lin
nscpentrywsi: dn: nsuniqueid=7e1a1f82-e82611e4-99f1b343-f0abc1a8,uid=username,cn=users,cn=accounts,dc=mhbenp,dc=lin
nscpentrywsi: modifyTimestamp;adcsn-5540be0c000200040002;vucsn-5540be0c000200040002: 20150429111607Z
nscpentrywsi: modifiersName;adcsn-5540be0c000200040001;vucsn-5540be0c000200040001: uid=admin,cn=users,cn=accounts,dc=mhbenp,dc=lin
nscpentrywsi: nsAccountLock;adcsn-5540be0c000200040000;vucsn-5540be0c000200040000: TRUE
nscpentrywsi: krbLastSuccessfulAuth;adcsn-5537c9b2000000030000;vucsn-5537c9b2000000030000: 20150422161526Z
nscpentrywsi: memberOf;adcsn-5537c2f5000400030000;vucsn-5537c2f5000400030000: cn=ipausers,cn=groups,cn=accounts,dc=mhbenp,dc=lin
nscpentrywsi: memberOf;vucsn-5537c2f5000400030000: ipaUniqueID=3897c894-e764-11e4-b05b-005056a92af3,cn=hbac,dc=mhbenp,dc=lin
nscpentrywsi: ipaNTSecurityIdentifier;adcsn-5537a1b1000300040001;vucsn-5537a1b1000300040001: S-1-5-21-1257946092-587846975-4124201916-1003
nscpentrywsi: passwordGraceUserTime;adcsn-55369200000400040000;vucsn-55369200000400040000: 0
nscpentrywsi: krbPasswordExpiration;adcsn-55369200000200040005;vucsn-55369200000200040005: 20150720180532Z
nscpentrywsi: userPassword;adcsn-55369200000200040004;vucsn-55369200000200040004: {SHA512}pzLvO+jHoXAi0/TLZ+WpN8vaQFqDYBwSyk12Zoa+5GpjGVMPgK9I+KquavoJWv6JmVnf7Vokqlm85zbYXjMt1Q==
nscpentrywsi: krbExtraData;adcsn-55369200000200040003;vucsn-55369200000200040003:: AAJskTZVa2FkbWluZEBNSEJFTlAuTElOAA==
nscpentrywsi: krbPrincipalKey;adcsn-55369200000200040002;vucsn-55369200000200040002:: MIIBnKADAgEBoQMCAQGiAwIBA6MDAgEBpIIBhDCCAYAwaKAbMBmgAwIBAKESBBBNSEJFTlAuTElOZ2ZlaWdooUkwR6ADAgESoUAEPiAA10A0LqF2hLTC5EP9ArjKyMvDEuNh7SFNR7uvAba4+sh8WRRVbT7DMByrlPvn1A0miart7lTDnRh89BAbMFigGzAZoAMCAQChEgQQTUhCRU5QLkxJTmdmZWlnaKE5MDegAwIBEaEwBC4QAAc6BbDvPFsSAeCRjrt2yDkm0fiQWTt++y/lbFKDbSkZYSJpFnzSRaaIWW0AMGCgGzAZoAMCAQChEgQQTUhCRU5QLkxJTmdmZWlnaKFBMD+gAwIBEKE4BDYYACTz15wnIUghoNOEkvYZJUbcrXhAyFQsW4OpxTCzxInn+33pOsEXPlsdsYfc6uJeVl2bN/IwWKAbMBmgAwIBAKESBBBNSEJFTlAuTElOZ2ZlaWdooTkwN6ADAgEXoTAELhAAE9mQlmMsVmCvtRwKXdSf9b7CFCi4qZjwMj1cTwzD1FH6/IbmDSvRMUVw8wE=
nscpentrywsi: krbTicketFlags;adcsn-55369200000200040001;vucsn-55369200000200040001: 128
nscpentrywsi: krbLastPwdChange;adcsn-55369200000200040000;vucsn-55369200000200040000: 20150421180532Z
nscpentrywsi: mepManagedEntry;vucsn-55364a42000700040000: cn=username,cn=groups,cn=accounts,dc=mhbenp,dc=lin
nscpentrywsi: displayName;vucsn-55364a42000100040000: UserName
nscpentrywsi: cn;vucsn-55364a42000100040000: UserName
nscpentrywsi: objectClass;vucsn-55364a42000100040000: ipaobject
nscpentrywsi: objectClass;vucsn-55364a42000100040000: person
nscpentrywsi: objectClass;vucsn-55364a42000100040000: top
nscpentrywsi: objectClass;vucsn-55364a42000100040000: ipasshuser
nscpentrywsi: objectClass;vucsn-55364a42000100040000: inetorgperson
nscpentrywsi: objectClass;vucsn-55364a42000100040000: organizationalperson
nscpentrywsi: objectClass;vucsn-55364a42000100040000: krbticketpolicyaux
nscpentrywsi: objectClass;vucsn-55364a42000100040000: krbprincipalaux
nscpentrywsi: objectClass;vucsn-55364a42000100040000: inetuser
nscpentrywsi: objectClass;vucsn-55364a42000100040000: posixaccount
nscpentrywsi: objectClass;vucsn-55364a42000100040000: ipaSshGroupOfPubKeys
nscpentrywsi: objectClass;vucsn-55364a42000600040000: mepOriginEntry
nscpentrywsi: objectClass;vucsn-5537a1b1000300040000: ipantuserattrs
nscpentrywsi: objectClass;vucsn-5540deb8000000030000: nsTombstone
nscpentrywsi: loginShell;vucsn-55364a42000100040000: /bin/bash
nscpentrywsi: initials;vucsn-55364a42000100040000: GF
nscpentrywsi: gecos;vucsn-55364a42000100040000: UserName
nscpentrywsi: homeDirectory;vucsn-55364a42000100040000: /home/username
nscpentrywsi: uid;vucsn-55364a42000100040000;mdcsn-55364a42000100040000: username
nscpentrywsi: mail;vucsn-55364a42000100040000: username at mhbenp.lin
nscpentrywsi: krbPrincipalName;vucsn-55364a42000100040000: username at MHBENP.LIN
nscpentrywsi: givenName;vucsn-55364a42000100040000: Gregg
nscpentrywsi: sn;vucsn-55364a42000100040000: Name
nscpentrywsi: creatorsName;vucsn-55364a42000100040000: uid=admin,cn=users,cn=accounts,dc=mhbenp,dc=lin
nscpentrywsi: createTimestamp;vucsn-55364a42000100040000: 20150421130152Z
nscpentrywsi: nsUniqueId: 7e1a1f82-e82611e4-99f1b343-f0abc1a8
nscpentrywsi: ipaUniqueID;vucsn-55364a42000100040000: 94d31f06-e826-11e4-878a-005056a92af3
nscpentrywsi: parentid: 3
nscpentrywsi: entryid: 384
nscpentrywsi: uidNumber;vucsn-55364a42000100040000: 1249000003
nscpentrywsi: gidNumber;vucsn-55364a42000100040000: 1249000003
nscpentrywsi: nsParentUniqueId: 3763f192-e76411e4-99f1b343-f0abc1a8
nscpentrywsi: nstombstonecsn: 5540deb8000000030000
nscpentrywsi: nscpEntryDN: uid=username,cn=users,cn=accounts,dc=mhbenp,dc=lin
nscpentrywsi: entryusn: 52322
nscpentrywsi: passwordHistory;adcsn-55369200000500040000;vdcsn-55369200000500040000;deletedattribute;deleted:
> 
> dn: nsuniqueid=7e1a1f87-e82611e4-99f1b343-
> f0abc1a8,cn=username,cn=groups,cn=accounts,dc=mhbenp,dc=lin
> nscpentrywsi: dn: nsuniqueid=7e1a1f87-e82611e4-99f1b343-
> f0abc1a8,cn=username,cn=groups,cn=accounts,dc=mhbenp,dc=lin
> ...
> nscpentrywsi: objectClass;vucsn-5540deb8000300030000: nsTombstone ...
> nscpentrywsi: nsUniqueId: 7e1a1f87-e82611e4-99f1b343-f0abc1a8
> 
> 
> 
> On the first replica (where you failed to delete the entry and where you can
> see the replication errors)
> dn: nsuniqueid=7e1a1f82-e82611e4-99f1b343-
> f0abc1a8,uid=username,cn=users,cn=accounts,dc=mhbenp,dc=lin
> nscpentrywsi: dn: nsuniqueid=7e1a1f82-e82611e4-99f1b343-
> f0abc1a8,uid=username,cn=users,cn=accounts,dc=mhbenp,dc=lin
> ...
> nscpentrywsi: objectClass;vucsn-5540deb8000000030000: nsTombstone ...
> nscpentrywsi: nsUniqueId: 7e1a1f82-e82611e4-99f1b343-f0abc1a8
> 
> 
> This is not the same entry. It is like two entries with the same 'uid' were
> created.
> Also note that those two entries were deleted on the same replica (replica
> ID=3: likely the second replica) almost at the same time.
> 
> The errors is logged on the first replica about "
> nsuniqueid=7e1a1f87-e82611e4-99f1b343-
> f0abc1a8,cn=<username>,cn=groups,cn=accounts,dc=domain,dc=com".
> 
> So I think the entry you dumped on the first replica, is not the one we were
> looking at.
> The entry (nsuniqueid=7e1a1f87-e82611e4-99f1b343-f0abc1a8) should
> exists, but was not returned by the search.
> 
> 
> 