Delegated Admin Deleted org and attribute violation

You should be looking at your LDAP access log to see exactly what's the problem. "Attribute uniqueness violated" means that you're attempting to add something that both has a "unique" attribute, and already exists. It may be the name, it may be something else. You'll need to look.

DA doesn't actually "delete" anything. There have been bugs in DA where it didn't even set all the correct attributes for domain purge to remove all that stuff. You appear to be using a very old version of DA, and I suggest patching it.

jay_plesset at 2007-7-6 22:48:49 >

Hi Jay,

Yes you're probably right about it being a different issue.

1) Sun Java(tm) System Messaging Server 6.2-7.05 (built Sep 5 2006)

libimta.so 6.2-7.05 (built 12:18:44, Sep 5 2006)

SunOS msg01 5.10 Generic_118833-24 sun4v sparc SUNW,Sun-Fire-T200

Delegated Administrator 6.3-2.02 (built Mar 7, 2006)

Sun Java System Access Manager 7 2005Q4

Solaris is patched with the latest and greatest. I had the same issue before patching Messaging Server and DA.

2) I've created a number of organizations and users using DA, that worked fine, commnications express and calendar also both appear to work just fine.

I can remove users just fine, before commadmin domain purge, I run msuserpurge and csclean.

Now, when I want to delete the actual organization they obviously get marked as "deleted" and I have to use -g 0 when I do commadmin domain purge, but it doesn't work. commadmin domain purge appears to work, I get no errors, even in verbose mode it looks fine, except everything says the same in LDAP.

I've replaced the actual domain with acme.com :)

# ./commadmin domain purge -v -D admin -w password -n acme.com -d "*" -g 0 -X accm01.acme.com -p 80

[Debug]: DBG:Object = domain ; task = purge

[Debug]: default domain from Properties: acme.com

[Debug]: IShost from Properties: accm01.acme.com

[Debug]: ISPort from Properties: 80

[Debug]: Contacting : http://accm01.acme.com:80/commcli/auth

[Debug]: To servlet: domain=acme.com&username=admin&password=password&charsetenc=UTF-8

[Debug]: cookie => JSESSIONID=C60C53354E7A3CC9DFE8BA50BE3041B3;Path=/commcli

[Debug]: RECV: OK

[Debug]: RECV: OK

[Debug]: RECV: dn: uid=admin, ou=People, o=acme.com,dc=acme,dc=com

[Debug]: RECV: datasource: Sun ONE Messaging Server Installer

[Debug]: RECV: objectclass: ipUser

[Debug]: RECV: objectclass: top

[Debug]: RECV: objectclass: iplanet-am-managed-person

[Debug]: RECV: objectclass: iplanet-am-user-service

[Debug]: RECV: objectclass: icsCalendarUser

[Debug]: RECV: objectclass: iPlanetPreferences

[Debug]: RECV: objectclass: person

[Debug]: RECV: objectclass: inetAdmin

[Debug]: RECV: objectclass: inetMailUser

[Debug]: RECV: objectclass: userPresenceProfile

[Debug]: RECV: objectclass: inetorgperson

[Debug]: RECV: objectclass: inetLocalMailRecipient

[Debug]: RECV: objectclass: organizationalPerson

[Debug]: RECV: objectclass: inetUser

[Debug]: RECV: nsroledn: cn=Top-level Admin Role,dc=acme,dc=com

[Debug]: RECV: mailquota: -1

[Debug]: RECV: loginid: admin

[Debug]: RECV: uid: admin

[Debug]: RECV: userpassword: {SSHA}RDI/jttF2mJBn/guc4zi74WupckeR+B+zjCPZA==

[Debug]: RECV: mail: Store.Administrator@acme.com

[Debug]: RECV: givenname: Store

[Debug]: RECV: mailuserstatus: active

[Debug]: RECV: icssubscribed: admin@acme.com:anonymous$admin@acme.com:anonymous

[Debug]: RECV: sn: Top Level Admin

[Debug]: RECV: surname: Top Level Admin

[Debug]: RECV: cn: Top Level Admin

[Debug]: RECV: maildeliveryoption: mailbox

[Debug]: RECV: icscalendarowned: admin@acme.com:anonymous$

[Debug]: RECV: memberof: cn=Service Administrators,ou=Groups,dc=acme,dc=com

[Debug]: RECV: initials: TLA

[Debug]: RECV: mailhost: comx01.acme.com

[Debug]: RECV: mailmsgquota: -1

[Debug]: RECV: iplanet-am-user-login-status: Active

[Debug]: RECV: inetuserstatus: active

[Debug]: RECV:

[Debug]: DBG: before getobjtaskargs

[Debug]: In getObjTaskArgs for: domain; purge

[Debug]: Contacting : http://accm01.acme.com:80/commcli/climap

[Debug]: Sending to servlet: task=purge&object=domain

[Debug]: getObjTaskArgs Status: 0

[Debug]: Number of servlets: 1

[Debug]: Servlet Name: TaskManager

[Debug]: Servlet args: task=PurgeDomain

[Debug]: Servlet args: objecttype=Domain

[Debug]: Valid Options Array: 4

d, true, *, true, true, [search_op]domain pattern, search_op=~=, =,!=,>=, or <=, domain, ,

S, true, , false, true, service(s) to be purged, services, ,

g, true, 10, false, true, grace period (days), purgegrace, ,

r, false, , false, true, recursively delete subentries, recursive=yes, ,

[Debug]: DBG: getObjTaskArgs done

[Debug]: servInfo len = 1

[Debug]: argVal =*

[Debug]: servCommand =task=PurgeDomain&objecttype=Domain&domain=*

[Debug]: argVal =0

[Debug]: servCommand =task=PurgeDomain&objecttype=Domain&domain=*&purgegrace=0

[Debug]: Contacting : http://accm01.acme.com:80/commcli/TaskManager

[Debug]: To servlet: task=PurgeDomain&objecttype=Domain&domain=*&purgegrace=0

[Debug]: RECV: OK

[Debug]: RECV:

[Debug]: CLITask: status returned =OK

OK

[Debug]: DBG: doOne returned code=0

[Debug]: Contacting : http://accm01.acme.com:80/commcli/logout

[Debug]: Logout ...

[Debug]: RECV: SSOToken id AQIC5wM2LY4SfczYpHHUrvgaZnCL10QKi1CbUcI+yMCK72s=@AAJTSQACMDE=#

[Debug]: RECV: destroyed

If I then do an LDAP search, I still see the domains there, eventhough I've set mailDomainStatus: removed(as suggested in other threads)

dn: o=test3.dk,dc=acme,dc=com

o: test3.dk

sunNameSpaceUniqueAttrs: uid

sunMaxUsers: -1

sunOrgType: full

sunPreferredDomain: test3.dk

sunEnableGAB: false

preferredMailHost: msg01.acme.com

mailClientAttachmentQuota: -1

mailDomainDiskQuota: -1

objectClass: inetdomainauthinfo

objectClass: sunismanagedorganization

objectClass: top

objectClass: sunnamespace

objectClass: sundelegatedorganization

objectClass: sunmanagedorganization

objectClass: maildomain

objectClass: icscalendardomain

objectClass: organization

icsDWPBackEndHosts: cal01.acme.com

icsStatus: Active

preferredLanguage: en

sunRegisteredServiceName: DomainMailService

sunRegisteredServiceName: GroupMailService

sunRegisteredServiceName: iPlanetAMAuthMembershipService

sunRegisteredServiceName: UserMailService

sunRegisteredServiceName: iPlanetAMAuthService

sunRegisteredServiceName: iPlanetAMAuthConfiguration

sunRegisteredServiceName: UserCalendarService

sunRegisteredServiceName: iPlanetAMPolicyConfigService

sunRegisteredServiceName: iPlanetAMAuthLDAPService

sunRegisteredServiceName: DomainCalendarService

sunNumUsers: 0

sunAvailableServices: earth:10:0

inetDomainStatus: removed

mailDomainStatus: removed

3) Not a lot.

4) Organizations removed from LDAP, as it is now they are blocking should I want to re-add them, and of course filling up LDAP :-/

Lasse_Osterild at 2007-7-6 22:48:49 >

Hi,

Make sure you set icsStatus to removed using ldapmodify and run the purge command again.

In theory you should be running msuserpurge and csclean first which should be setting icsStatus and mailDomainStatus to be removed.

Did you run these commands? If so what was the result?

Regards,

Shane.

shane_hjorth at 2007-7-6 22:48:50 >

Hi,

What was the exact syntax that you tried?

Perhaps you should start from the beginning, run through the steps of creating a domain, enabling calendar & mail, creating a user, logging in and accessing calendar & mail, purging calendar, purging mail & purging domain.

I personally haven't used DA much myself (mainly the GUI for testing) so I haven't written up steps in my own 'bouncing ball' style.

If nothing else the steps will be useful for yourself if you need to go through them in the future and for others on this forum.

Regards,

Shane.

shane_hjorth at 2007-7-6 22:48:50 >