[Kolab-devel] dirsrv: deleting domains from command line fails because of unknown subordinate
Timotheus Pokorra
timotheus at kolab.org
Thu Mar 27 13:25:13 CET 2014
Hello,
I am still in the process of testing my migration from Kolab 2.x.
Deleting existing domains would come in quite handy, so that I can
repeat the import process several times without reinstalling the whole
server.
I found something strange, when running this command, on a vanilla Kolab
3.1:
ldapdelete -v -h localhost -D "cn=Directory Manager" -w
"$DirectoryManagerPwd" -r "dc=testpokorra,dc=de"
Output:
ldap_initialize( ldap://localhost )
deleting entry "dc=testpokorra,dc=de"
deleting children of: dc=testpokorra,dc=de
deleting children of: cn=Directory Administrators,dc=testpokorra,dc=de
removing cn=Directory Administrators,dc=testpokorra,dc=de
cn=Directory Administrators,dc=testpokorra,dc=de removed
deleting children of: ou=Groups,dc=testpokorra,dc=de
removing ou=Groups,dc=testpokorra,dc=de
ou=Groups,dc=testpokorra,dc=de removed
deleting children of: ou=People,dc=testpokorra,dc=de
deleting children of: uid=pokorra,ou=People,dc=testpokorra,dc=de
removing uid=pokorra,ou=People,dc=testpokorra,dc=de
uid=pokorra,ou=People,dc=testpokorra,dc=de removed
removing ou=People,dc=testpokorra,dc=de
ou=People,dc=testpokorra,dc=de removed
deleting children of: ou=Special Users,dc=testpokorra,dc=de
removing ou=Special Users,dc=testpokorra,dc=de
ou=Special Users,dc=testpokorra,dc=de removed
deleting children of: ou=Resources,dc=testpokorra,dc=de
removing ou=Resources,dc=testpokorra,dc=de
ou=Resources,dc=testpokorra,dc=de removed
deleting children of: ou=Shared Folders,dc=testpokorra,dc=de
removing ou=Shared Folders,dc=testpokorra,dc=de
ou=Shared Folders,dc=testpokorra,dc=de removed
ldap_delete: Operation not allowed on non-leaf (66)
I found this issue for dirsrv:
https://bugzilla.redhat.com/show_bug.cgi?id=947583#c13
This issue is related to Multimasterreplication (MMR), and is already
fixed in the dirsrv version installed with Kolab 3.1.
But this command mentioned in the bug comment shows that there are more
subordinates than ldapsearch shows:
ldapsearch -x -h localhost -D "cn=Directory Manager" -w
"$DirectoryManagerPwd" -b "dc=testpokorra,dc=de"
"(|(objectclass=*)(objectclass=nstombstone))" numsubordinates
tombstoneNumSubordinates hassubordinates nsds5ReplConflict
output:
# extended LDIF
#
# LDAPv3
# base <dc=testpokorra,dc=de> with scope subtree
# filter: (|(objectclass=*)(objectclass=nstombstone))
# requesting: numsubordinates tombstoneNumSubordinates hassubordinates
nsds5ReplConflict
#
# testpokorra.de
dn: dc=testpokorra,dc=de
numsubordinates: 1
hassubordinates: TRUE
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Now, counting the subordinates on a fresh domain, also shows 7, but
ldapsearch only shows 6 children:
bash-4.1# ldapsearch -x -h localhost -D "cn=Directory Manager" -w
"$DirectoryManagerPwd" -b "dc=test2,dc=pokorra,dc=de"
"(|(objectclass=*)(objectclass=nstombstone))" numsubordinates
tombstoneNumSubordinates hassubordinates nsds5ReplConflict
# extended LDIF
#
# LDAPv3
# base <dc=test2,dc=pokorra,dc=de> with scope subtree
# filter: (|(objectclass=*)(objectclass=nstombstone))
# requesting: numsubordinates tombstoneNumSubordinates hassubordinates
nsds5ReplConflict
#
# test2.pokorra.de
dn: dc=test2,dc=pokorra,dc=de
numsubordinates: 7
hassubordinates: TRUE
# Directory Administrators, test2.pokorra.de
dn: cn=Directory Administrators,dc=test2,dc=pokorra,dc=de
numsubordinates: 0
hassubordinates: FALSE
# Groups, test2.pokorra.de
dn: ou=Groups,dc=test2,dc=pokorra,dc=de
numsubordinates: 0
hassubordinates: FALSE
# People, test2.pokorra.de
dn: ou=People,dc=test2,dc=pokorra,dc=de
numsubordinates: 0
hassubordinates: FALSE
# Special Users, test2.pokorra.de
dn: ou=Special Users,dc=test2,dc=pokorra,dc=de
numsubordinates: 0
hassubordinates: FALSE
# Resources, test2.pokorra.de
dn: ou=Resources,dc=test2,dc=pokorra,dc=de
numsubordinates: 0
hassubordinates: FALSE
# Shared Folders, test2.pokorra.de
dn: ou=Shared Folders,dc=test2,dc=pokorra,dc=de
numsubordinates: 0
hassubordinates: FALSE
# search result
search: 2
result: 0 Success
# numResponses: 8
# numEntries: 7
Does anyone have an idea where the extra subordinate comes from, and how
to delete it?
Thanks,
Timotheus
More information about the devel
mailing list