DSA is unwilling to perform deleting subtree

Troubleshooting

Problem

This technote shows how to debug a condition that may prevent removing a subtree using ldapdelete -s

Symptom

When trying to delete a subtree with (ids)ldapdelete -D <admin_dn> -w ? -s <subtree> error 53 is returned, "DSA is unwilling to perform"

Cause

The server will not delete any subtrees if there are any nested replication contexts.

Diagnosing The Problem

In order to diagnose the issue, collect a dynamic ascii server trace:

a. idsldaptrace -D <admin_dn> -w ? -p <ldap_port> -a <admin_port> -l on -t start -m 65535 -o /tmp/server_trace.out

b. Attempt to delete the subtree with idsldapdelete -D <admin_dn> -w ? -s <subtree>

c. idsldaptrace -D <admin_dn> -w ? -p <ldap_port> -a <admin_port> -l off -t stop

Resolving the problem: Once we had the trace file, we could see the following message in the server trace:

061:18:43:24 T2314 K659627 anyNestedSubtree:internal search returns more than 1 replctxt with base=o=sample

Resolving The Problem

Perform the following search:

idsldapsearch -D <admin_dn> -w ? -b <subtree> objectclass=ibm-replicationContext

If one or more DNs are returned, perform a delete on each DN. Once the replication contexts are removed, then the subtree delete (idsldapdelete -s) can be used successfully to remove the entire subtree

[{"Product":{"code":"SSVJJU","label":"IBM Security Directory Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"General","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0;6.1;6.2;6.3;6.3.1;6.4;8.0;8.0.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

DSA is unwilling to perform deleting subtree

Troubleshooting

Problem

Symptom

Cause

Diagnosing The Problem

Resolving The Problem

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?