We found that we have a cert profile that was deleted in the ui and then we attempted to
re-create it, but it will not.
ipa: ERROR: Request failed with status 409: Non-2xx response from CA REST API: 409. Unable
to create profile: Profile already exists
The profile does not show in the UI or via the CLI
$ ipa certprofile-find controlServersKubeAPIClustertest1
<blank>
$ ipa certprofile-show controlServersKubeAPIClustertest1
<blank>
But when checking ldap itself we can see it.
$ ldapsearch -LLL -o ldif-wrap=no -w $pass -D 'cn=Directory Manager' -b
'o=ipaca' | grep controlServersKubeAPIClustertest1
dn: cn=controlServersKubeAPIClustertest1,ou=certificateProfiles,ou=ca,o=ipaca
cn: controlServersKubeAPIClustertest1
extdata-profileid: controlServersKubeAPIClustertest1
metaInfo: profileId:controlServersKubeAPIClustertest1
extdata-profileid: controlServersKubeAPIClustertest1
metaInfo: profileId:controlServersKubeAPIClustertest1
extdata-profileid: controlServersKubeAPIClustertest1
metaInfo: profileId:controlServersKubeAPIClustertest1
extdata-profileid: controlServersKubeAPIClustertest1
metaInfo: profileId:controlServersKubeAPIClustertest1
extdata-profileid: controlServersKubeAPIClustertest1
metaInfo: profileId:controlServersKubeAPIClustertest1
Apart from doing an ldapdelete on that dn: , is there a better way to clean up that
"ghost" cert profile? (and the corresponding certs?)
thanks,
Nick