[Freeipa-users] IPA fails to find certain AD groups

Wed, 07 Jun 2023 05:27:21 -0700

When trying to add an AD group in an external group IPA fails to add certain groups. Error: "trusted domain object not found"
These groups do definitely exist in AD. I checked every domain controller just to rule out an AD LDAP replication issue. 


I tried to replace a domain local group with a global group in the exact 
same OU. (group name differs only in one single letter) Trying to add 
the new group in IPA fails. Trying to add the old one (that has 
previously worked in IPA) again does also fail.


VERSION: 4.9.11, API_VERSION: 2.251

I did some OS Updates recently containing:
0:idm-pki-acme-10.14.3-1.0.1.module+el8.8.0+20999+6d4394a9.noarch
0:idm-pki-base-10.14.3-1.0.1.module+el8.8.0+20999+6d4394a9.noarch
0:idm-pki-base-java-10.14.3-1.0.1.module+el8.8.0+20999+6d4394a9.noarch
0:idm-pki-ca-10.14.3-1.0.1.module+el8.8.0+20999+6d4394a9.noarch
0:idm-pki-kra-10.14.3-1.0.1.module+el8.8.0+20999+6d4394a9.noarch
0:idm-pki-server-10.14.3-1.0.1.module+el8.8.0+20999+6d4394a9.noarch
0:idm-pki-symkey-10.14.3-1.0.1.module+el8.8.0+20999+6d4394a9.x86_64
0:idm-pki-tools-10.14.3-1.0.1.module+el8.8.0+20999+6d4394a9.x86_64
0:ipa-client-4.9.11-5.0.1.module+el8.8.0+21013+a1d8660b.x86_64
0:ipa-client-common-4.9.11-5.0.1.module+el8.8.0+21013+a1d8660b.noarch
0:ipa-common-4.9.11-5.0.1.module+el8.8.0+21013+a1d8660b.noarch
0:ipa-healthcheck-0.12-1.module+el8.8.0+21013+a1d8660b.noarch
0:ipa-healthcheck-core-0.12-1.module+el8.8.0+21013+a1d8660b.noarch
0:ipa-selinux-4.9.11-5.0.1.module+el8.8.0+21013+a1d8660b.noarch
0:ipa-server-4.9.11-5.0.1.module+el8.8.0+21013+a1d8660b.x86_64
0:ipa-server-common-4.9.11-5.0.1.module+el8.8.0+21013+a1d8660b.noarch
0:ipa-server-trust-ad-4.9.11-5.0.1.module+el8.8.0+21013+a1d8660b.x86_64

and

0:python3-idm-pki-10.14.3-1.0.1.module+el8.8.0+20999+6d4394a9.noarch
0:python3-ipaclient-4.9.11-5.0.1.module+el8.8.0+21013+a1d8660b.noarch
0:python3-ipalib-4.9.11-5.0.1.module+el8.8.0+21013+a1d8660b.noarch
0:python3-ipaserver-4.9.11-5.0.1.module+el8.8.0+21013+a1d8660b.noarch

(can provide full list if necessary)

Maybe I introduced some kind of bug when updating...

Cheers,
Ronald
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue






















					Reply via email to