Hi, I've reported a bug against SSSD and Lukas has pointed to a number of FreeIPA errors in our logs. I've can't find any information on how I might fix these errors or what I might do to mitigate them. Any pointers appreciated:
First error: [sssd[be[unixdev.domain.org.au]]] [ipa_sudo_fetch_rules_done] (0x0040): Received 1 sudo rules [sssd[be[unixdev.domain.org.au]]] [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such attribute](16)[attribute 'member': no matching attribute value while deleting attribute on 'name= ipa_bioinf_st...@unixdev.domain.org.au,cn=groups,cn=unixdev.domain.org.au,cn=sysdb'] [sssd[be[unixdev.domain.org.au]]] [sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such attribute] [sssd[be[unixdev.domain.org.au]]] [sysdb_update_members_ex] (0x0020): Could not remove member [simpsonlach...@domain.org.au] from group [name= ipa_bioinf_st...@unixdev.domain.org.au,cn=groups,cn=unixdev.domain.org.au,cn=sysdb]. Skipping Second error is long list of errors that look like [sssd[be]] [get_ipa_groupname] (0x0020): Expected cn in second component, got OU [sssd[be]] [get_ipa_groupname] (0x0020): Expected groups second component, got Users I don't know enough about AD to speak meaningfully to these, but a quick google shows that a group can have cn=Users as it's second component ( see here for example https://technet.microsoft.com/en-us/library/dn579255%28v=ws.11%29.aspx ) Is there an LDAP query that I need to define or add to the IPA server? cheers L. ------ The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project