DSA is unwilling to perform deleting subtree

Technote (troubleshooting)


Problem(Abstract)

This technote shows how to debug a condition that may prevent removing a subtree using ldapdelete -s

Symptom

When trying to delete a subtree with (ids)ldapdelete -D <admin_dn> -w ? -s <subtree> error 53 is returned, "DSA is unwilling to perform"


Cause

The server will not delete any subtrees if there are any nested replication contexts.

Diagnosing the problem

In order to diagnose the issue, collect a dynamic ascii server trace:

a. idsldaptrace -D <admin_dn> -w ? -p <ldap_port> -a <admin_port> -l on -t start -m 65535 -o /tmp/server_trace.out

b. Attempt to delete the subtree with idsldapdelete -D <admin_dn> -w ? -s <subtree>

c. idsldaptrace -D <admin_dn> -w ? -p <ldap_port> -a <admin_port> -l off -t stop

Resolving the problem: Once we had the trace file, we could see the following message in the server trace:

061:18:43:24 T2314 K659627 anyNestedSubtree:internal search returns more than 1 replctxt with base=o=sample


Resolving the problem

Perform the following search:


idsldapsearch -D <admin_dn> -w ? -b <subtree> objectclass=ibm-replicationContext

If one or more DNs are returned, perform a delete on each DN. Once the replication contexts are removed, then the subtree delete (idsldapdelete -s) can be used successfully to remove the entire subtree


Rate this page:

(0 users)Average rating

Document information


More support for:

IBM Security Directory Server
General

Software version:

5.2, 6.0, 6.2, 6.3

Operating system(s):

All Platforms

Reference #:

1470129

Modified date:

2013-02-01

Translate my page

Machine Translation

Content navigation