On Wed, Oct 15, 2014 at 5:04 PM, Rich Megginson <rmegg...@redhat.com> wrote:

>  On 10/15/2014 04:43 PM, Clint Savage wrote:
>
>  On Wed, Oct 15, 2014 at 2:33 PM, Rich Megginson <rmegg...@redhat.com>
> wrote:
>
>> On 10/15/2014 02:05 PM, Rob Crittenden wrote:
>>
>>> Clint Savage wrote:
>>>
>>>> $ rpm -q ipa-server
>>>> ipa-server-3.3.3-28.el7.centos.1.x86_64
>>>>
>>>> I was thinking that this might be an issue with the rhel7 version. I'm
>>>> going to be trying the same migration tonight on rhel6. I know the IPA
>>>> version is older, and samba stuff might not work as it does in 3.3. I
>>>> haven't looked in RHEL 6.6 yet to see what version of IPA is available.
>>>>
>>> I tested using a fairly recent IPA master build (4.1+). I'm not
>>> convinced it is related to any specific version, but different features
>>> are available so I thought I'd try to duplicate on a more similar
>>> footing (apples to apples comparision).
>>>
>>> The trick is to try to narrow down what attribute the LDAP server thinks
>>> already exists. We don't get a very nice error out of LDAP, like *what*
>>> attribute already exists, for example :-(
>>>
>>> It may be possible to set the 389-ds debug level to such that you get
>>> some decent output, but trying to find the right balance of output can
>>> be challenging. See their FAQ troubleshooting section.
>>>
>>
>> http://www.port389.org/docs/389ds/FAQ/faq.html#troubleshooting
>>
>> Try the ARGS (Heavy trace output debugging) level
>>
>>
>>
>>> rob
>>>
>>>
>>>  Clint
>>>>
>>>> On Wed, Oct 15, 2014 at 1:16 PM, Rob Crittenden <rcrit...@redhat.com
>>>> <mailto:rcrit...@redhat.com>> wrote:
>>>>
>>>>      Ludwig Krispenz wrote:
>>>>      >
>>>>      > On 10/14/2014 06:58 PM, Clint Savage wrote:
>>>>      >> Hi all,
>>>>      >>
>>>>      >> I've been working on a migration plan using three custom user
>>>>      >> objectClasses and one group objectclass. In my attempt, I've
>>>> setup an
>>>>      >> openldap server with the proper schemas, imported the ldif and
>>>> have
>>>>      >> records that look something like this in ldif format.
>>>>      >>
>>>>      >>
>>>>
>>>>  -----------------------------------------------------------------------
>>>>      >>
>>>>      >> dn: dc=example,dc=com
>>>>      >> objectClass: top
>>>>      >> objectClass: domain
>>>>      >> dc: example
>>>>      >>
>>>>      >> dn: ou=Groups,dc=example,dc=com
>>>>      >> objectClass: top
>>>>      >> objectClass: organizationalunit
>>>>      >> ou: Groups
>>>>      >>
>>>>      >> dn: ou=People,dc=example,dc=com
>>>>      >> objectClass: top
>>>>      >> objectClass: organizationalunit
>>>>      >> ou: People
>>>>      >>
>>>>      >> dn: uid=amyengh,ou=People,dc=example,dc=com
>>>>      >> objectClass: inetOrgPerson
>>>>      >> objectClass: posixAccount
>>>>      >> objectClass: top
>>>>      >> objectClass: organizationalPerson
>>>>      >> objectClass: person
>>>>      >> objectClass: radiusProfile
>>>>      >> objectClass: sambaSamAccount
>>>>      >> objectClass: customPersonAttributes
>>>>      >> cn: Amy Engh
>>>>      >> gidNumber: 1141801056
>>>>      >> homeDirectory: /home/amyengh
>>>>      >> sn: Engh
>>>>      >> uid: amyengh
>>>>      >> uidNumber: 1141801056
>>>>      >> displayName: Amy Engh
>>>>      >> givenName: Amy
>>>>      >> loginShell: /sbin/nologin
>>>>      >> mail: amye...@attask.com <mailto:amye...@attask.com>
>>>>      <mailto:amye...@attask.com <mailto:amye...@attask.com>>
>>>>      >> userPassword:: REDACTED
>>>>      >> dialupAccess: yes
>>>>      >> radiusTunnelMediumType: IEEE-802
>>>>      >> radiusTunnelPrivateGroupId: 1421
>>>>      >> radiusTunnelType: VLAN
>>>>      >> emailPassword:: REDACTED
>>>>      >> sambaAcctFlags: [U          ]
>>>>      >> sambaLMPassword: REDACTED
>>>>      >> sambaNTPassword: REDACTED
>>>>      >> sambaPasswordHistory:
>>>>      >> 000000000000000000000000000000000000000000000000000000
>>>>      >>  0000000000
>>>>      >> sambaPwdLastSet: 1402698001
>>>>      >> sambaSID: S-1-5-21-2332447373-4108748234-3602490535-3146
>>>>      >>
>>>>      >> dn: cn=amyengh,ou=Groups,dc=example,dc=com
>>>>      >> objectClass: top
>>>>      >> objectClass: posixGroup
>>>>      >> cn: amyengh
>>>>      >> gidNumber: 1141801056
>>>>      >> memberUid: amyengh
>>>>      >>
>>>>      >>
>>>> --------------------------------------------------------------------
>>>>      >>
>>>>      >> I then run the migration (with or without compat makes no
>>>> difference)
>>>>      >> and get the following:
>>>>      >>
>>>>      >> ipa migrate-ds --with-compat --user-container="ou=People"
>>>>      >> --group-container="ou=Groups" --user-objectclass=posixAccount
>>>>      >> --group-objectclass=posixgroup ldap://192.168.122.210
>>>>      <http://192.168.122.210>
>>>>      >> <http://192.168.122.210>
>>>> --bind-dn="cn=Manager,dc=example,dc=com"
>>>>      >> Password:
>>>>      >> -----------
>>>>      >> migrate-ds:
>>>>      >> -----------
>>>>      >> Migrated:
>>>>      >> Failed user:
>>>>      >>   amyengh: Type or value exists:
>>>>      >> Failed group:
>>>>      >>   amyengh: This entry already exists.
>>>>      > "type or value exists" and "This entry already exists" are just
>>>>      > explanations of the ldap return code, do you see anything in the
>>>> 389 ds
>>>>      > error logs ?
>>>>
>>>>      I doubt that he would see any errors.
>>>>
>>>>      The entry already existing is because this isn't his first
>>>> migration, it
>>>>      is unrelated.
>>>>
>>>>      I'm not able to reproduce this. What version of IPA is it?
>>>>
>>>>      rob
>>>>
>>>>      --
>>>>      Manage your subscription for the Freeipa-users mailing list:
>>>>      https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>      Go To http://freeipa.org for more info on the project
>>>>
>>>>
>>>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go To http://freeipa.org for more info on the project
>>
>
> This is what I get in the logs when running the migration:
>
> ==> access <==
> [15/Oct/2014:18:35:46 -0400] conn=8 op=166 SRCH
> base="idnsName=_tcp,idnsname=example.com,cn=dns,dc=example,dc=com"
> scope=0 filter="(objectClass=idnsRecord)" attrs=ALL
> [15/Oct/2014:18:35:46 -0400] conn=8 op=166 RESULT err=32 tag=101
> nentries=0 etime=0
> [15/Oct/2014:18:35:48 -0400] conn=606 fd=79 slot=79 connection from
> 192.168.122.200 to 192.168.122.200
> [15/Oct/2014:18:35:48 -0400] conn=4 op=960 SRCH base="dc=example,dc=com"
> scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/
> example....@example.com))" attrs="krbPrincipalName krbCanonicalName
> ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType objectClass"
> [15/Oct/2014:18:35:48 -0400] conn=4 op=960 RESULT err=0 tag=101 nentries=1
> etime=0
> [15/Oct/2014:18:35:48 -0400] conn=4 op=961 SRCH base="dc=example,dc=com"
> scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/
> ipa7.example....@example.com)(krbPrincipalName=ldap/
> ipa7.example....@example.com)))" attrs="krbPrincipalName krbCanonicalName
> ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType objectClass"
> [15/Oct/2014:18:35:48 -0400] conn=4 op=961 RESULT err=0 tag=101 nentries=1
> etime=0
> [15/Oct/2014:18:35:48 -0400] conn=4 op=962 SRCH 
> base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com"
> scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
> krbMaxRenewableAge krbTicketFlags"
> [15/Oct/2014:18:35:48 -0400] conn=4 op=962 RESULT err=0 tag=101 nentries=1
> etime=0
> [15/Oct/2014:18:35:48 -0400] conn=4 op=963 SRCH base="dc=example,dc=com"
> scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/
> ipa7.example....@example.com))" attrs="krbPrincipalName krbCanonicalName
> ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType objectClass"
> [15/Oct/2014:18:35:48 -0400] conn=4 op=963 RESULT err=0 tag=101 nentries=1
> etime=0
> [15/Oct/2014:18:35:48 -0400] conn=4 op=964 SRCH 
> base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com"
> scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
> krbMaxRenewableAge krbTicketFlags"
> [15/Oct/2014:18:35:48 -0400] conn=4 op=964 RESULT err=0 tag=101 nentries=1
> etime=0
> [15/Oct/2014:18:35:48 -0400] conn=4 op=965 SRCH base="dc=example,dc=com"
> scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/
> ipa7.example....@example.com))" attrs="objectClass memberPrincipal"
> [15/Oct/2014:18:35:48 -0400] conn=4 op=965 RESULT err=0 tag=101 nentries=1
> etime=0
> [15/Oct/2014:18:35:48 -0400] conn=4 op=966 SRCH base="dc=example,dc=com"
> scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=
> ad...@example.com))" attrs="krbPrincipalName krbCanonicalName
> ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType objectClass"
> [15/Oct/2014:18:35:48 -0400] conn=4 op=966 RESULT err=0 tag=101 nentries=1
> etime=0
> [15/Oct/2014:18:35:48 -0400] conn=4 op=967 SRCH 
> base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com"
> scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
> krbMaxRenewableAge krbTicketFlags"
> [15/Oct/2014:18:35:48 -0400] conn=4 op=967 RESULT err=0 tag=101 nentries=1
> etime=0
> [15/Oct/2014:18:35:48 -0400] conn=606 op=0 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [15/Oct/2014:18:35:48 -0400] conn=606 op=0 RESULT err=14 tag=97 nentries=0
> etime=0, SASL bind in progress
> [15/Oct/2014:18:35:48 -0400] conn=606 op=1 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [15/Oct/2014:18:35:48 -0400] conn=606 op=1 RESULT err=14 tag=97 nentries=0
> etime=0, SASL bind in progress
> [15/Oct/2014:18:35:48 -0400] conn=606 op=2 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [15/Oct/2014:18:35:48 -0400] conn=606 op=2 RESULT err=0 tag=97 nentries=0
> etime=0 dn="uid=admin,cn=users,cn=accounts,dc=example,dc=com"
> [15/Oct/2014:18:35:48 -0400] conn=606 op=3 SRCH
> base="cn=ipaconfig,cn=etc,dc=example,dc=com" scope=0
> filter="(objectClass=*)" attrs=ALL
> [15/Oct/2014:18:35:48 -0400] conn=606 op=3 RESULT err=0 tag=101 nentries=1
> etime=0
> [15/Oct/2014:18:35:48 -0400] conn=606 op=4 SRCH
> base="cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com" scope=0
> filter="(objectClass=*)" attrs="gidNumber cn"
> [15/Oct/2014:18:35:48 -0400] conn=606 op=4 RESULT err=0 tag=101 nentries=1
> etime=0
> [15/Oct/2014:18:35:48 -0400] conn=606 op=5 SRCH base="cn=UPG
> Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=example,dc=com"
> scope=0 filter="(objectClass=*)" attrs="* aci"
> [15/Oct/2014:18:35:48 -0400] conn=606 op=5 RESULT err=0 tag=101 nentries=1
> etime=0
> [15/Oct/2014:18:35:48 -0400] conn=606 op=6 SRCH
> base="cn=ipaconfig,cn=etc,dc=example,dc=com" scope=0
> filter="(objectClass=*)" attrs=ALL
> [15/Oct/2014:18:35:48 -0400] conn=606 op=6 RESULT err=0 tag=101 nentries=1
> etime=0
> [15/Oct/2014:18:35:48 -0400] conn=606 op=7 SRCH
> base="cn=users,cn=accounts,dc=example,dc=com" scope=2
> filter="(&(objectClass=krbprincipalaux)(krbPrincipalName=
> amye...@example.com))" attrs=""
> [15/Oct/2014:18:35:48 -0400] conn=606 op=7 RESULT err=0 tag=101 nentries=1
> etime=0
> [15/Oct/2014:18:35:48 -0400] conn=606 op=8 ADD
> dn="uid=amyengh,cn=users,cn=accounts,dc=example,dc=com", add values for
> type objectClass failed
> [15/Oct/2014:18:35:48 -0400] conn=606 op=8 RESULT err=20 tag=105
> nentries=0 etime=0
> [15/Oct/2014:18:35:48 -0400] conn=606 op=9 SRCH
> base="cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com" scope=0
> filter="(objectClass=*)" attrs="gidNumber cn"
> [15/Oct/2014:18:35:48 -0400] conn=606 op=9 RESULT err=0 tag=101 nentries=1
> etime=0
> [15/Oct/2014:18:35:48 -0400] conn=606 op=10 SRCH base="cn=UPG
> Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=example,dc=com"
> scope=0 filter="(objectClass=*)" attrs="* aci"
> [15/Oct/2014:18:35:48 -0400] conn=606 op=10 RESULT err=0 tag=101
> nentries=1 etime=0
> [15/Oct/2014:18:35:48 -0400] conn=606 op=11 ADD
> dn="cn=amyengh,cn=groups,cn=accounts,dc=example,dc=com"
> [15/Oct/2014:18:35:48 -0400] conn=606 op=11 RESULT err=68 tag=105
> nentries=0 etime=0
> [15/Oct/2014:18:35:48 -0400] conn=606 op=12 SRCH
> base="cn=users,cn=accounts,dc=example,dc=com" scope=2
> filter="(&(objectClass=posixAccount)(!(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com)))"
> attrs=""
> [15/Oct/2014:18:35:48 -0400] conn=606 op=12 RESULT err=0 tag=101
> nentries=0 etime=0
> [15/Oct/2014:18:35:48 -0400] conn=606 op=13 UNBIND
> [15/Oct/2014:18:35:48 -0400] conn=606 op=13 fd=79 closed - U1
>
>  It kind of looks like there's some sort of failure with my gidNumber or
> cn, but both the user and group objects have these values. Any idea what is
> going on there?
>
>
> Did you enable the ARGS level error logging in the errors log?  If so,
> what's in the errors log?
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>

Ha! I debated sending the error logs. I think Dmitri may be right about the
group value. I'll try that too.


==> errors <==
[15/Oct/2014:18:35:46 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=idnsRecord)"
attrs=ALL
[15/Oct/2014:18:35:46 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:46 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/
example....@example.com))" attrs="krbPrincipalName krbCanonicalName
ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/
ipa7.example....@example.com)(krbPrincipalName=ldap/
ipa7.example....@example.com)))" attrs="krbPrincipalName krbCanonicalName
ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/
ipa7.example....@example.com))" attrs="krbPrincipalName krbCanonicalName
ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/
ipa7.example....@example.com))" attrs="objectClass memberPrincipal"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=
ad...@example.com))" attrs="krbPrincipalName krbCanonicalName
ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    entryusn: 3439
[15/Oct/2014:18:35:48 -0400] -    replace: entryusn
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    index_addordel_values_ext_sv indexmask 0x2
[15/Oct/2014:18:35:48 -0400] -    index_addordel_values_ext_sv indexmask 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    entryusn: 3440
[15/Oct/2014:18:35:48 -0400] -    replace: entryusn
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    index_addordel_values_ext_sv indexmask 0x2
[15/Oct/2014:18:35:48 -0400] -    index_addordel_values_ext_sv indexmask 0x2
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=10 timelimit=2 attrsonly=0 filter="(objectClass=*)" attrs=ALL
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    entryusn: 3441
[15/Oct/2014:18:35:48 -0400] -    replace: entryusn
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    index_addordel_values_ext_sv indexmask 0x2
[15/Oct/2014:18:35:48 -0400] -    index_addordel_values_ext_sv indexmask 0x2
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=100 timelimit=2 attrsonly=0 filter="(objectClass=*)"
attrs="gidNumber cn"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=*)" attrs="* aci"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=10 timelimit=2 attrsonly=0 filter="(objectClass=*)" attrs=ALL
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0
sizelimit=100 timelimit=2 attrsonly=0
filter="(&(objectClass=krbprincipalaux)(krbPrincipalName=amye...@example.com))"
attrs=""
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] -     do_add: dn
(uid=amyengh,cn=users,cn=accounts,dc=example,dc=com)
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=100 timelimit=2 attrsonly=0 filter="(objectClass=*)"
attrs="gidNumber cn"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=*)" attrs="* aci"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] -     do_add: dn
(cn=amyengh,cn=groups,cn=accounts,dc=example,dc=com)
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - removing entire attribute hassubordinates
[15/Oct/2014:18:35:48 -0400] - removing entire attribute numsubordinates
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0
sizelimit=100 timelimit=0 attrsonly=0
filter="(&(objectClass=posixAccount)(!(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com)))"
attrs=""
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to