Sven Jansen via FreeIPA-users wrote: > Hi, > > I see the same problem on my IPA installations for around one or two > weeks now. All affected machines run FreeIPA 4.9.13-20. > > * one machine is a RHEL 8.10 standalone deployment > * two machines are AlmaLinux 8.10 sync between each other > * All instances have the full capability, DNS, Certificate Authority > and acme. > > These installations are not related and in different companys. On the > first RHEL machine, users are listed, groups are not, some other object > types are missing, you can find objects by searching for the name, same > with ipa find-user. Fresh created users/group/hosts work fine and show > up in Web interface and ipa find-user.
Can you be more precise? Users are listed where? Through SSSD/nss? Via the command-line/UI tools? Are they in LDAP? In what context is this happening? Did it start out of the blue or after something was done? It may even be something that seems benign. > > On the second pair (running AlmaLinux), its a bit different, no users, > groups, hosts, sudo rules etc. are shown, only fresh created objects > show up by using the Web interface or using ipa command. DNS is a bit > different, on IPA1, all DNS zones are visible, on IPA2, no zones are > visible, except i create a new zone. Luckly i still can see all zones on > IPA1. Searching for DNS zones on IPA2 does not work, but i can reach the > zone by changing the url to “/ipa/ui/#/e/dnszone/records/mydomain.com” > on IPA2, so they are there and accessible. > > I tried to edit existing objects to see if they pop up, but no luck. I > ran ipa-server-upgrade to see if some migration is missing, but it > finish without issue and the problem persist. > > No issues with DNS lookups, getting certs or provide authentication, > just searching/showing objects is broken I have no clue how to fix that, > i can see no “useful” information in my slapd logs or i dont know what > to lock for. > > How are you authenticating? If no users exist then its quite surprising that you can authenticate. Do you see them in LDAP? rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
