Yeah, i'm found it! nsslapd-errorlog-level: 81920
[08/Aug/2018:14:48:36.815877034 +0300] - DEBUG - ipa-sidgen-postop - Found domain SID [S-1-5-21-3815719817-1094829178-2612344331]. [08/Aug/2018:14:48:37.775597841 +0300] - DEBUG - ipa-sidgen-postop - Trying to add SID for [cn=sidgen,cn=ipa-sidgen-task,cn=tasks,cn=config]. [08/Aug/2018:14:48:37.819957874 +0300] - DEBUG - ipa-sidgen-postop - [cn=sidgen,cn=ipa-sidgen-task,cn=tasks,cn=config] does not have Posix IDs, nothing to do. [08/Aug/2018:14:48:40.810439175 +0300] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 194]: Sidgen task starts ... [08/Aug/2018:14:48:40.864083206 +0300] - DEBUG - ipa-sidgen-postop - Base DN: [dc=domain], Filter: [(&(objectclass=ipaobject)(!(objectclass=mepmanagedentry))(|(objectclass=posixaccount)(objectclass=posixgroup)(objectclass=ipaidobject))(!(ipantsecurityidentifier=*)))]. [08/Aug/2018:14:48:41.935631916 +0300] - DEBUG - ipa-sidgen-postop - Trying to add SID for [uid=bad_user_here,cn=staged users,cn=accounts,cn=provisioning,dc=domain]. [08/Aug/2018:14:48:41.976041848 +0300] - ERR - find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 483]: ID value too large. [08/Aug/2018:14:48:42.226947787 +0300] - ERR - do_work - [file ipa_sidgen_task.c, line 154]: Cannot add SID to existing entry. [08/Aug/2018:14:48:42.644938556 +0300] - DEBUG - ipa-sidgen-postop - do_work finished with [19]. [08/Aug/2018:14:48:42.686593559 +0300] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [19]. ldapsearch -D "cn=Directory Manager" -W -b cn=provisioning,dc=aim 'uid=bad_user_here' | grep -E "uidN|gidN" uidNumber: -1 gidNumber: -1 After remove his, all done ok. Thank you! _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/NSIEUENP75YCPXWZCEA2UID2EG3JC6NV/
