On Wed, Oct 15, 2014 at 5:04 PM, Rich Megginson <rmegg...@redhat.com> wrote:
> On 10/15/2014 04:43 PM, Clint Savage wrote: > > On Wed, Oct 15, 2014 at 2:33 PM, Rich Megginson <rmegg...@redhat.com> > wrote: > >> On 10/15/2014 02:05 PM, Rob Crittenden wrote: >> >>> Clint Savage wrote: >>> >>>> $ rpm -q ipa-server >>>> ipa-server-3.3.3-28.el7.centos.1.x86_64 >>>> >>>> I was thinking that this might be an issue with the rhel7 version. I'm >>>> going to be trying the same migration tonight on rhel6. I know the IPA >>>> version is older, and samba stuff might not work as it does in 3.3. I >>>> haven't looked in RHEL 6.6 yet to see what version of IPA is available. >>>> >>> I tested using a fairly recent IPA master build (4.1+). I'm not >>> convinced it is related to any specific version, but different features >>> are available so I thought I'd try to duplicate on a more similar >>> footing (apples to apples comparision). >>> >>> The trick is to try to narrow down what attribute the LDAP server thinks >>> already exists. We don't get a very nice error out of LDAP, like *what* >>> attribute already exists, for example :-( >>> >>> It may be possible to set the 389-ds debug level to such that you get >>> some decent output, but trying to find the right balance of output can >>> be challenging. See their FAQ troubleshooting section. >>> >> >> http://www.port389.org/docs/389ds/FAQ/faq.html#troubleshooting >> >> Try the ARGS (Heavy trace output debugging) level >> >> >> >>> rob >>> >>> >>> Clint >>>> >>>> On Wed, Oct 15, 2014 at 1:16 PM, Rob Crittenden <rcrit...@redhat.com >>>> <mailto:rcrit...@redhat.com>> wrote: >>>> >>>> Ludwig Krispenz wrote: >>>> > >>>> > On 10/14/2014 06:58 PM, Clint Savage wrote: >>>> >> Hi all, >>>> >> >>>> >> I've been working on a migration plan using three custom user >>>> >> objectClasses and one group objectclass. In my attempt, I've >>>> setup an >>>> >> openldap server with the proper schemas, imported the ldif and >>>> have >>>> >> records that look something like this in ldif format. >>>> >> >>>> >> >>>> >>>> ----------------------------------------------------------------------- >>>> >> >>>> >> dn: dc=example,dc=com >>>> >> objectClass: top >>>> >> objectClass: domain >>>> >> dc: example >>>> >> >>>> >> dn: ou=Groups,dc=example,dc=com >>>> >> objectClass: top >>>> >> objectClass: organizationalunit >>>> >> ou: Groups >>>> >> >>>> >> dn: ou=People,dc=example,dc=com >>>> >> objectClass: top >>>> >> objectClass: organizationalunit >>>> >> ou: People >>>> >> >>>> >> dn: uid=amyengh,ou=People,dc=example,dc=com >>>> >> objectClass: inetOrgPerson >>>> >> objectClass: posixAccount >>>> >> objectClass: top >>>> >> objectClass: organizationalPerson >>>> >> objectClass: person >>>> >> objectClass: radiusProfile >>>> >> objectClass: sambaSamAccount >>>> >> objectClass: customPersonAttributes >>>> >> cn: Amy Engh >>>> >> gidNumber: 1141801056 >>>> >> homeDirectory: /home/amyengh >>>> >> sn: Engh >>>> >> uid: amyengh >>>> >> uidNumber: 1141801056 >>>> >> displayName: Amy Engh >>>> >> givenName: Amy >>>> >> loginShell: /sbin/nologin >>>> >> mail: amye...@attask.com <mailto:amye...@attask.com> >>>> <mailto:amye...@attask.com <mailto:amye...@attask.com>> >>>> >> userPassword:: REDACTED >>>> >> dialupAccess: yes >>>> >> radiusTunnelMediumType: IEEE-802 >>>> >> radiusTunnelPrivateGroupId: 1421 >>>> >> radiusTunnelType: VLAN >>>> >> emailPassword:: REDACTED >>>> >> sambaAcctFlags: [U ] >>>> >> sambaLMPassword: REDACTED >>>> >> sambaNTPassword: REDACTED >>>> >> sambaPasswordHistory: >>>> >> 000000000000000000000000000000000000000000000000000000 >>>> >> 0000000000 >>>> >> sambaPwdLastSet: 1402698001 >>>> >> sambaSID: S-1-5-21-2332447373-4108748234-3602490535-3146 >>>> >> >>>> >> dn: cn=amyengh,ou=Groups,dc=example,dc=com >>>> >> objectClass: top >>>> >> objectClass: posixGroup >>>> >> cn: amyengh >>>> >> gidNumber: 1141801056 >>>> >> memberUid: amyengh >>>> >> >>>> >> >>>> -------------------------------------------------------------------- >>>> >> >>>> >> I then run the migration (with or without compat makes no >>>> difference) >>>> >> and get the following: >>>> >> >>>> >> ipa migrate-ds --with-compat --user-container="ou=People" >>>> >> --group-container="ou=Groups" --user-objectclass=posixAccount >>>> >> --group-objectclass=posixgroup ldap://192.168.122.210 >>>> <http://192.168.122.210> >>>> >> <http://192.168.122.210> >>>> --bind-dn="cn=Manager,dc=example,dc=com" >>>> >> Password: >>>> >> ----------- >>>> >> migrate-ds: >>>> >> ----------- >>>> >> Migrated: >>>> >> Failed user: >>>> >> amyengh: Type or value exists: >>>> >> Failed group: >>>> >> amyengh: This entry already exists. >>>> > "type or value exists" and "This entry already exists" are just >>>> > explanations of the ldap return code, do you see anything in the >>>> 389 ds >>>> > error logs ? >>>> >>>> I doubt that he would see any errors. >>>> >>>> The entry already existing is because this isn't his first >>>> migration, it >>>> is unrelated. >>>> >>>> I'm not able to reproduce this. What version of IPA is it? >>>> >>>> rob >>>> >>>> -- >>>> Manage your subscription for the Freeipa-users mailing list: >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> Go To http://freeipa.org for more info on the project >>>> >>>> >>>> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go To http://freeipa.org for more info on the project >> > > This is what I get in the logs when running the migration: > > ==> access <== > [15/Oct/2014:18:35:46 -0400] conn=8 op=166 SRCH > base="idnsName=_tcp,idnsname=example.com,cn=dns,dc=example,dc=com" > scope=0 filter="(objectClass=idnsRecord)" attrs=ALL > [15/Oct/2014:18:35:46 -0400] conn=8 op=166 RESULT err=32 tag=101 > nentries=0 etime=0 > [15/Oct/2014:18:35:48 -0400] conn=606 fd=79 slot=79 connection from > 192.168.122.200 to 192.168.122.200 > [15/Oct/2014:18:35:48 -0400] conn=4 op=960 SRCH base="dc=example,dc=com" > scope=2 > filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/ > example....@example.com))" attrs="krbPrincipalName krbCanonicalName > ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference > krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference > krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases > krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData > krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife > krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData > ipaUserAuthType objectClass" > [15/Oct/2014:18:35:48 -0400] conn=4 op=960 RESULT err=0 tag=101 nentries=1 > etime=0 > [15/Oct/2014:18:35:48 -0400] conn=4 op=961 SRCH base="dc=example,dc=com" > scope=2 > filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ > ipa7.example....@example.com)(krbPrincipalName=ldap/ > ipa7.example....@example.com)))" attrs="krbPrincipalName krbCanonicalName > ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference > krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference > krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases > krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData > krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife > krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData > ipaUserAuthType objectClass" > [15/Oct/2014:18:35:48 -0400] conn=4 op=961 RESULT err=0 tag=101 nentries=1 > etime=0 > [15/Oct/2014:18:35:48 -0400] conn=4 op=962 SRCH > base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" > scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife > krbMaxRenewableAge krbTicketFlags" > [15/Oct/2014:18:35:48 -0400] conn=4 op=962 RESULT err=0 tag=101 nentries=1 > etime=0 > [15/Oct/2014:18:35:48 -0400] conn=4 op=963 SRCH base="dc=example,dc=com" > scope=2 > filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/ > ipa7.example....@example.com))" attrs="krbPrincipalName krbCanonicalName > ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference > krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference > krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases > krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData > krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife > krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData > ipaUserAuthType objectClass" > [15/Oct/2014:18:35:48 -0400] conn=4 op=963 RESULT err=0 tag=101 nentries=1 > etime=0 > [15/Oct/2014:18:35:48 -0400] conn=4 op=964 SRCH > base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" > scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife > krbMaxRenewableAge krbTicketFlags" > [15/Oct/2014:18:35:48 -0400] conn=4 op=964 RESULT err=0 tag=101 nentries=1 > etime=0 > [15/Oct/2014:18:35:48 -0400] conn=4 op=965 SRCH base="dc=example,dc=com" > scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/ > ipa7.example....@example.com))" attrs="objectClass memberPrincipal" > [15/Oct/2014:18:35:48 -0400] conn=4 op=965 RESULT err=0 tag=101 nentries=1 > etime=0 > [15/Oct/2014:18:35:48 -0400] conn=4 op=966 SRCH base="dc=example,dc=com" > scope=2 > filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName= > ad...@example.com))" attrs="krbPrincipalName krbCanonicalName > ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference > krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference > krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases > krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData > krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife > krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData > ipaUserAuthType objectClass" > [15/Oct/2014:18:35:48 -0400] conn=4 op=966 RESULT err=0 tag=101 nentries=1 > etime=0 > [15/Oct/2014:18:35:48 -0400] conn=4 op=967 SRCH > base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" > scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife > krbMaxRenewableAge krbTicketFlags" > [15/Oct/2014:18:35:48 -0400] conn=4 op=967 RESULT err=0 tag=101 nentries=1 > etime=0 > [15/Oct/2014:18:35:48 -0400] conn=606 op=0 BIND dn="" method=sasl > version=3 mech=GSSAPI > [15/Oct/2014:18:35:48 -0400] conn=606 op=0 RESULT err=14 tag=97 nentries=0 > etime=0, SASL bind in progress > [15/Oct/2014:18:35:48 -0400] conn=606 op=1 BIND dn="" method=sasl > version=3 mech=GSSAPI > [15/Oct/2014:18:35:48 -0400] conn=606 op=1 RESULT err=14 tag=97 nentries=0 > etime=0, SASL bind in progress > [15/Oct/2014:18:35:48 -0400] conn=606 op=2 BIND dn="" method=sasl > version=3 mech=GSSAPI > [15/Oct/2014:18:35:48 -0400] conn=606 op=2 RESULT err=0 tag=97 nentries=0 > etime=0 dn="uid=admin,cn=users,cn=accounts,dc=example,dc=com" > [15/Oct/2014:18:35:48 -0400] conn=606 op=3 SRCH > base="cn=ipaconfig,cn=etc,dc=example,dc=com" scope=0 > filter="(objectClass=*)" attrs=ALL > [15/Oct/2014:18:35:48 -0400] conn=606 op=3 RESULT err=0 tag=101 nentries=1 > etime=0 > [15/Oct/2014:18:35:48 -0400] conn=606 op=4 SRCH > base="cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com" scope=0 > filter="(objectClass=*)" attrs="gidNumber cn" > [15/Oct/2014:18:35:48 -0400] conn=606 op=4 RESULT err=0 tag=101 nentries=1 > etime=0 > [15/Oct/2014:18:35:48 -0400] conn=606 op=5 SRCH base="cn=UPG > Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=example,dc=com" > scope=0 filter="(objectClass=*)" attrs="* aci" > [15/Oct/2014:18:35:48 -0400] conn=606 op=5 RESULT err=0 tag=101 nentries=1 > etime=0 > [15/Oct/2014:18:35:48 -0400] conn=606 op=6 SRCH > base="cn=ipaconfig,cn=etc,dc=example,dc=com" scope=0 > filter="(objectClass=*)" attrs=ALL > [15/Oct/2014:18:35:48 -0400] conn=606 op=6 RESULT err=0 tag=101 nentries=1 > etime=0 > [15/Oct/2014:18:35:48 -0400] conn=606 op=7 SRCH > base="cn=users,cn=accounts,dc=example,dc=com" scope=2 > filter="(&(objectClass=krbprincipalaux)(krbPrincipalName= > amye...@example.com))" attrs="" > [15/Oct/2014:18:35:48 -0400] conn=606 op=7 RESULT err=0 tag=101 nentries=1 > etime=0 > [15/Oct/2014:18:35:48 -0400] conn=606 op=8 ADD > dn="uid=amyengh,cn=users,cn=accounts,dc=example,dc=com", add values for > type objectClass failed > [15/Oct/2014:18:35:48 -0400] conn=606 op=8 RESULT err=20 tag=105 > nentries=0 etime=0 > [15/Oct/2014:18:35:48 -0400] conn=606 op=9 SRCH > base="cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com" scope=0 > filter="(objectClass=*)" attrs="gidNumber cn" > [15/Oct/2014:18:35:48 -0400] conn=606 op=9 RESULT err=0 tag=101 nentries=1 > etime=0 > [15/Oct/2014:18:35:48 -0400] conn=606 op=10 SRCH base="cn=UPG > Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=example,dc=com" > scope=0 filter="(objectClass=*)" attrs="* aci" > [15/Oct/2014:18:35:48 -0400] conn=606 op=10 RESULT err=0 tag=101 > nentries=1 etime=0 > [15/Oct/2014:18:35:48 -0400] conn=606 op=11 ADD > dn="cn=amyengh,cn=groups,cn=accounts,dc=example,dc=com" > [15/Oct/2014:18:35:48 -0400] conn=606 op=11 RESULT err=68 tag=105 > nentries=0 etime=0 > [15/Oct/2014:18:35:48 -0400] conn=606 op=12 SRCH > base="cn=users,cn=accounts,dc=example,dc=com" scope=2 > filter="(&(objectClass=posixAccount)(!(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com)))" > attrs="" > [15/Oct/2014:18:35:48 -0400] conn=606 op=12 RESULT err=0 tag=101 > nentries=0 etime=0 > [15/Oct/2014:18:35:48 -0400] conn=606 op=13 UNBIND > [15/Oct/2014:18:35:48 -0400] conn=606 op=13 fd=79 closed - U1 > > It kind of looks like there's some sort of failure with my gidNumber or > cn, but both the user and group objects have these values. Any idea what is > going on there? > > > Did you enable the ARGS level error logging in the errors log? If so, > what's in the errors log? > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project > Ha! I debated sending the error logs. I think Dmitri may be right about the group value. I'll try that too. ==> errors <== [15/Oct/2014:18:35:46 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=idnsRecord)" attrs=ALL [15/Oct/2014:18:35:46 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:46 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/ example....@example.com))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass" [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ ipa7.example....@example.com)(krbPrincipalName=ldap/ ipa7.example....@example.com)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass" [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/ ipa7.example....@example.com))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass" [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/ ipa7.example....@example.com))" attrs="objectClass memberPrincipal" [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName= ad...@example.com))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass" [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags" [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config [15/Oct/2014:18:35:48 -0400] - replace: modifiersname [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config [15/Oct/2014:18:35:48 -0400] - replace: modifiersname [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config [15/Oct/2014:18:35:48 -0400] - replace: modifiersname [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - entryusn: 3439 [15/Oct/2014:18:35:48 -0400] - replace: entryusn [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask 0x2 [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask 0x2 [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config [15/Oct/2014:18:35:48 -0400] - replace: modifiersname [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config [15/Oct/2014:18:35:48 -0400] - replace: modifiersname [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config [15/Oct/2014:18:35:48 -0400] - replace: modifiersname [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - entryusn: 3440 [15/Oct/2014:18:35:48 -0400] - replace: entryusn [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask 0x2 [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask 0x2 [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=10 timelimit=2 attrsonly=0 filter="(objectClass=*)" attrs=ALL [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config [15/Oct/2014:18:35:48 -0400] - replace: modifiersname [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config [15/Oct/2014:18:35:48 -0400] - replace: modifiersname [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config [15/Oct/2014:18:35:48 -0400] - replace: modifiersname [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - entryusn: 3441 [15/Oct/2014:18:35:48 -0400] - replace: entryusn [15/Oct/2014:18:35:48 -0400] - - [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask 0x2 [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask 0x2 [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=100 timelimit=2 attrsonly=0 filter="(objectClass=*)" attrs="gidNumber cn" [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=*)" attrs="* aci" [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=10 timelimit=2 attrsonly=0 filter="(objectClass=*)" attrs=ALL [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 sizelimit=100 timelimit=2 attrsonly=0 filter="(&(objectClass=krbprincipalaux)(krbPrincipalName=amye...@example.com))" attrs="" [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - do_add: dn (uid=amyengh,cn=users,cn=accounts,dc=example,dc=com) [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=100 timelimit=2 attrsonly=0 filter="(objectClass=*)" attrs="gidNumber cn" [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=*)" attrs="* aci" [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - do_add: dn (cn=amyengh,cn=groups,cn=accounts,dc=example,dc=com) [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - removing entire attribute hassubordinates [15/Oct/2014:18:35:48 -0400] - removing entire attribute numsubordinates [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 sizelimit=100 timelimit=0 attrsonly=0 filter="(&(objectClass=posixAccount)(!(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com)))" attrs="" [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project