When investigating T366263 arturo found a record that doesn't fit with our schema, likely a result of a hand-editing copy/paste error:
cn=toolsbeta.test8,ou=people,ou=servicegroups,dc=wikimedia,dc=org
We're unable to delete this record because it is present in the r/o server but not present on the r/w/ servers. In theory the r/o servers are synced from the r/w servers, so something spooky is going on.
Present on the replica:
root@cloudcontrol1006:~# ldapsearch -H ldap://ldap-replica1003.wikimedia.org:389 -x -b cn=toolsbeta.test8,ou=people,ou=servicegroups,dc=wikimedia,dc=org # extended LDIF # # LDAPv3 # base <cn=toolsbeta.test8,ou=people,ou=servicegroups,dc=wikimedia,dc=org> with scope subtree # filter: (objectclass=*) # requesting: ALL # # toolsbeta.test8, people, servicegroups, wikimedia.org dn: cn=toolsbeta.test8,ou=people,ou=servicegroups,dc=wikimedia,dc=org uid: toolsbeta.test8 cn: toolsbeta.test8 sn: toolsbeta.test8 uidNumber: 54867 gidNumber: 54867 homeDirectory: /data/project/test8 loginShell: /bin/bash objectClass: shadowAccount objectClass: posixAccount objectClass: person objectClass: top # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1
Missing on serpens
root@cloudcontrol1006:~# ldapsearch -H ldap://serpens.wikimedia.org:389 -x -b cn=toolsbeta.test8,ou=people,ou=servicegroups,dc=wikimedia,dc=org # extended LDIF # # LDAPv3 # base <cn=toolsbeta.test8,ou=people,ou=servicegroups,dc=wikimedia,dc=org> with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 32 No such object matchedDN: ou=people,ou=servicegroups,dc=wikimedia,dc=org # numResponses: 1