On 10/15/2014 05:29 PM, Clint Savage wrote:
On Wed, Oct 15, 2014 at 5:04 PM, Rich Megginson <rmegg...@redhat.com <mailto:rmegg...@redhat.com>> wrote:


    On 10/15/2014 04:43 PM, Clint Savage wrote:
    On Wed, Oct 15, 2014 at 2:33 PM, Rich Megginson
    <rmegg...@redhat.com <mailto:rmegg...@redhat.com>> wrote:

        On 10/15/2014 02:05 PM, Rob Crittenden wrote:

            Clint Savage wrote:

                $ rpm -q ipa-server
                ipa-server-3.3.3-28.el7.centos.1.x86_64

                I was thinking that this might be an issue with the
                rhel7 version. I'm
                going to be trying the same migration tonight on
                rhel6. I know the IPA
                version is older, and samba stuff might not work as
                it does in 3.3. I
                haven't looked in RHEL 6.6 yet to see what version of
                IPA is available.

            I tested using a fairly recent IPA master build (4.1+).
            I'm not
            convinced it is related to any specific version, but
            different features
            are available so I thought I'd try to duplicate on a more
            similar
            footing (apples to apples comparision).

            The trick is to try to narrow down what attribute the
            LDAP server thinks
            already exists. We don't get a very nice error out of
            LDAP, like *what*
            attribute already exists, for example :-(

            It may be possible to set the 389-ds debug level to such
            that you get
            some decent output, but trying to find the right balance
            of output can
            be challenging. See their FAQ troubleshooting section.


        http://www.port389.org/docs/389ds/FAQ/faq.html#troubleshooting

        Try the ARGS (Heavy trace output debugging) level



            rob


                Clint

                On Wed, Oct 15, 2014 at 1:16 PM, Rob Crittenden
                <rcrit...@redhat.com <mailto:rcrit...@redhat.com>
                <mailto:rcrit...@redhat.com
                <mailto:rcrit...@redhat.com>>> wrote:

                     Ludwig Krispenz wrote:
                     >
                     > On 10/14/2014 06:58 PM, Clint Savage wrote:
                     >> Hi all,
                     >>
                     >> I've been working on a migration plan using
                three custom user
                     >> objectClasses and one group objectclass. In
                my attempt, I've setup an
                     >> openldap server with the proper schemas,
                imported the ldif and have
                     >> records that look something like this in ldif
                format.
                     >>
                     >>
                 
-----------------------------------------------------------------------
                     >>
                     >> dn: dc=example,dc=com
                     >> objectClass: top
                     >> objectClass: domain
                     >> dc: example
                     >>
                     >> dn: ou=Groups,dc=example,dc=com
                     >> objectClass: top
                     >> objectClass: organizationalunit
                     >> ou: Groups
                     >>
                     >> dn: ou=People,dc=example,dc=com
                     >> objectClass: top
                     >> objectClass: organizationalunit
                     >> ou: People
                     >>
                     >> dn: uid=amyengh,ou=People,dc=example,dc=com
                     >> objectClass: inetOrgPerson
                     >> objectClass: posixAccount
                     >> objectClass: top
                     >> objectClass: organizationalPerson
                     >> objectClass: person
                     >> objectClass: radiusProfile
                     >> objectClass: sambaSamAccount
                     >> objectClass: customPersonAttributes
                     >> cn: Amy Engh
                     >> gidNumber: 1141801056
                     >> homeDirectory: /home/amyengh
                     >> sn: Engh
                     >> uid: amyengh
                     >> uidNumber: 1141801056
                     >> displayName: Amy Engh
                     >> givenName: Amy
                     >> loginShell: /sbin/nologin
                     >> mail: amye...@attask.com
                <mailto:amye...@attask.com>
                <mailto:amye...@attask.com <mailto:amye...@attask.com>>
                     <mailto:amye...@attask.com
                <mailto:amye...@attask.com>
                <mailto:amye...@attask.com <mailto:amye...@attask.com>>>
                     >> userPassword:: REDACTED
                     >> dialupAccess: yes
                     >> radiusTunnelMediumType: IEEE-802
                     >> radiusTunnelPrivateGroupId: 1421
                     >> radiusTunnelType: VLAN
                     >> emailPassword:: REDACTED
                     >> sambaAcctFlags: [U         ]
                     >> sambaLMPassword: REDACTED
                     >> sambaNTPassword: REDACTED
                     >> sambaPasswordHistory:
                     >>
                000000000000000000000000000000000000000000000000000000
                     >>  0000000000
                     >> sambaPwdLastSet: 1402698001
                     >> sambaSID:
                S-1-5-21-2332447373-4108748234-3602490535-3146
                     >>
                     >> dn: cn=amyengh,ou=Groups,dc=example,dc=com
                     >> objectClass: top
                     >> objectClass: posixGroup
                     >> cn: amyengh
                     >> gidNumber: 1141801056
                     >> memberUid: amyengh
                     >>
                     >>
                
--------------------------------------------------------------------
                     >>
                     >> I then run the migration (with or without
                compat makes no difference)
                     >> and get the following:
                     >>
                     >> ipa migrate-ds --with-compat
                --user-container="ou=People"
                     >> --group-container="ou=Groups"
                --user-objectclass=posixAccount
                     >> --group-objectclass=posixgroup
                ldap://192.168.122.210 <http://192.168.122.210>
                     <http://192.168.122.210>
                     >> <http://192.168.122.210>
                --bind-dn="cn=Manager,dc=example,dc=com"
                     >> Password:
                     >> -----------
                     >> migrate-ds:
                     >> -----------
                     >> Migrated:
                     >> Failed user:
                     >>   amyengh: Type or value exists:
                     >> Failed group:
                     >>   amyengh: This entry already exists.
                     > "type or value exists" and "This entry already
                exists" are just
                     > explanations of the ldap return code, do you
                see anything in the 389 ds
                     > error logs ?

                     I doubt that he would see any errors.

                     The entry already existing is because this isn't
                his first migration, it
                     is unrelated.

                     I'm not able to reproduce this. What version of
                IPA is it?

                     rob

                     --
                     Manage your subscription for the Freeipa-users
                mailing list:
                https://www.redhat.com/mailman/listinfo/freeipa-users
                     Go To http://freeipa.org for more info on the
                project



-- Manage your subscription for the Freeipa-users mailing list:
        https://www.redhat.com/mailman/listinfo/freeipa-users
        Go To http://freeipa.org for more info on the project


    This is what I get in the logs when running the migration:

    ==> access <==
    [15/Oct/2014:18:35:46 -0400] conn=8 op=166 SRCH
    base="idnsName=_tcp,idnsname=example.com
    <http://example.com>,cn=dns,dc=example,dc=com" scope=0
    filter="(objectClass=idnsRecord)" attrs=ALL
    [15/Oct/2014:18:35:46 -0400] conn=8 op=166 RESULT err=32 tag=101
    nentries=0 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=606 fd=79 slot=79 connection
    from 192.168.122.200 to 192.168.122.200
    [15/Oct/2014:18:35:48 -0400] conn=4 op=960 SRCH
    base="dc=example,dc=com" scope=2
    
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/example....@example.com
    <mailto:example....@example.com>))" attrs="krbPrincipalName
    krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
    krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
    krbPasswordExpiration krbPwdPolicyReference krbPrincipalType
    krbPwdHistory krbLastPwdChange krbPrincipalAliases
    krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
    krbExtraData krbLastAdminUnlock krbObjectReferences
    krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
    passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
    [15/Oct/2014:18:35:48 -0400] conn=4 op=960 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=4 op=961 SRCH
    base="dc=example,dc=com" scope=2
    
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ipa7.example....@example.com
    
<mailto:ipa7.example....@example.com>)(krbPrincipalName=ldap/ipa7.example....@example.com
    <mailto:ipa7.example....@example.com>)))" attrs="krbPrincipalName
    krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
    krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
    krbPasswordExpiration krbPwdPolicyReference krbPrincipalType
    krbPwdHistory krbLastPwdChange krbPrincipalAliases
    krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
    krbExtraData krbLastAdminUnlock krbObjectReferences
    krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
    passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
    [15/Oct/2014:18:35:48 -0400] conn=4 op=961 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=4 op=962 SRCH
    base="cn=EXAMPLE.COM
    <http://EXAMPLE.COM>,cn=kerberos,dc=example,dc=com" scope=0
    filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
    krbMaxRenewableAge krbTicketFlags"
    [15/Oct/2014:18:35:48 -0400] conn=4 op=962 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=4 op=963 SRCH
    base="dc=example,dc=com" scope=2
    
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/ipa7.example....@example.com
    <mailto:ipa7.example....@example.com>))" attrs="krbPrincipalName
    krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
    krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
    krbPasswordExpiration krbPwdPolicyReference krbPrincipalType
    krbPwdHistory krbLastPwdChange krbPrincipalAliases
    krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
    krbExtraData krbLastAdminUnlock krbObjectReferences
    krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
    passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
    [15/Oct/2014:18:35:48 -0400] conn=4 op=963 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=4 op=964 SRCH
    base="cn=EXAMPLE.COM
    <http://EXAMPLE.COM>,cn=kerberos,dc=example,dc=com" scope=0
    filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
    krbMaxRenewableAge krbTicketFlags"
    [15/Oct/2014:18:35:48 -0400] conn=4 op=964 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=4 op=965 SRCH
    base="dc=example,dc=com" scope=2
    
filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/ipa7.example....@example.com
    <mailto:ipa7.example....@example.com>))" attrs="objectClass
    memberPrincipal"
    [15/Oct/2014:18:35:48 -0400] conn=4 op=965 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=4 op=966 SRCH
    base="dc=example,dc=com" scope=2
    
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=ad...@example.com
    <mailto:ad...@example.com>))" attrs="krbPrincipalName
    krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
    krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
    krbPasswordExpiration krbPwdPolicyReference krbPrincipalType
    krbPwdHistory krbLastPwdChange krbPrincipalAliases
    krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
    krbExtraData krbLastAdminUnlock krbObjectReferences
    krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
    passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
    [15/Oct/2014:18:35:48 -0400] conn=4 op=966 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=4 op=967 SRCH
    base="cn=EXAMPLE.COM
    <http://EXAMPLE.COM>,cn=kerberos,dc=example,dc=com" scope=0
    filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
    krbMaxRenewableAge krbTicketFlags"
    [15/Oct/2014:18:35:48 -0400] conn=4 op=967 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=606 op=0 BIND dn="" method=sasl
    version=3 mech=GSSAPI
    [15/Oct/2014:18:35:48 -0400] conn=606 op=0 RESULT err=14 tag=97
    nentries=0 etime=0, SASL bind in progress
    [15/Oct/2014:18:35:48 -0400] conn=606 op=1 BIND dn="" method=sasl
    version=3 mech=GSSAPI
    [15/Oct/2014:18:35:48 -0400] conn=606 op=1 RESULT err=14 tag=97
    nentries=0 etime=0, SASL bind in progress
    [15/Oct/2014:18:35:48 -0400] conn=606 op=2 BIND dn="" method=sasl
    version=3 mech=GSSAPI
    [15/Oct/2014:18:35:48 -0400] conn=606 op=2 RESULT err=0 tag=97
    nentries=0 etime=0
    dn="uid=admin,cn=users,cn=accounts,dc=example,dc=com"
    [15/Oct/2014:18:35:48 -0400] conn=606 op=3 SRCH
    base="cn=ipaconfig,cn=etc,dc=example,dc=com" scope=0
    filter="(objectClass=*)" attrs=ALL
    [15/Oct/2014:18:35:48 -0400] conn=606 op=3 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=606 op=4 SRCH
    base="cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com"
    scope=0 filter="(objectClass=*)" attrs="gidNumber cn"
    [15/Oct/2014:18:35:48 -0400] conn=606 op=4 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=606 op=5 SRCH base="cn=UPG
    Definition,cn=Definitions,cn=Managed
    Entries,cn=etc,dc=example,dc=com" scope=0
    filter="(objectClass=*)" attrs="* aci"
    [15/Oct/2014:18:35:48 -0400] conn=606 op=5 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=606 op=6 SRCH
    base="cn=ipaconfig,cn=etc,dc=example,dc=com" scope=0
    filter="(objectClass=*)" attrs=ALL
    [15/Oct/2014:18:35:48 -0400] conn=606 op=6 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=606 op=7 SRCH
    base="cn=users,cn=accounts,dc=example,dc=com" scope=2
    filter="(&(objectClass=krbprincipalaux)(krbPrincipalName=amye...@example.com
    <mailto:amye...@example.com>))" attrs=""
    [15/Oct/2014:18:35:48 -0400] conn=606 op=7 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=606 op=8 ADD
    dn="uid=amyengh,cn=users,cn=accounts,dc=example,dc=com", add
    values for type objectClass failed
    [15/Oct/2014:18:35:48 -0400] conn=606 op=8 RESULT err=20 tag=105
    nentries=0 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=606 op=9 SRCH
    base="cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com"
    scope=0 filter="(objectClass=*)" attrs="gidNumber cn"
    [15/Oct/2014:18:35:48 -0400] conn=606 op=9 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=606 op=10 SRCH base="cn=UPG
    Definition,cn=Definitions,cn=Managed
    Entries,cn=etc,dc=example,dc=com" scope=0
    filter="(objectClass=*)" attrs="* aci"
    [15/Oct/2014:18:35:48 -0400] conn=606 op=10 RESULT err=0 tag=101
    nentries=1 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=606 op=11 ADD
    dn="cn=amyengh,cn=groups,cn=accounts,dc=example,dc=com"
    [15/Oct/2014:18:35:48 -0400] conn=606 op=11 RESULT err=68 tag=105
    nentries=0 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=606 op=12 SRCH
    base="cn=users,cn=accounts,dc=example,dc=com" scope=2
    
filter="(&(objectClass=posixAccount)(!(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com)))"
    attrs=""
    [15/Oct/2014:18:35:48 -0400] conn=606 op=12 RESULT err=0 tag=101
    nentries=0 etime=0
    [15/Oct/2014:18:35:48 -0400] conn=606 op=13 UNBIND
    [15/Oct/2014:18:35:48 -0400] conn=606 op=13 fd=79 closed - U1

    It kind of looks like there's some sort of failure with my
    gidNumber or cn, but both the user and group objects have these
    values. Any idea what is going on there?

    Did you enable the ARGS level error logging in the errors log?  If
    so, what's in the errors log?


    --
    Manage your subscription for the Freeipa-users mailing list:
    https://www.redhat.com/mailman/listinfo/freeipa-users
    Go To http://freeipa.org for more info on the project


Ha! I debated sending the error logs. I think Dmitri may be right about the group value. I'll try that too.

Looks like the errors log was truncated. Can you put it on some file sharing site? If not, just email it to me directly.



==> errors <==
[15/Oct/2014:18:35:46 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=idnsRecord)" attrs=ALL
[15/Oct/2014:18:35:46 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:46 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/example....@example.com <mailto:example....@example.com>))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ipa7.example....@example.com <mailto:ipa7.example....@example.com>)(krbPrincipalName=ldap/ipa7.example....@example.com <mailto:ipa7.example....@example.com>)))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/ipa7.example....@example.com <mailto:ipa7.example....@example.com>))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/ipa7.example....@example.com <mailto:ipa7.example....@example.com>))" attrs="objectClass memberPrincipal"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=ad...@example.com <mailto:ad...@example.com>))" attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=0 timelimit=300 attrsonly=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : frontend-internal [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    entryusn: 3439
[15/Oct/2014:18:35:48 -0400] -    replace: entryusn
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask 0x2 [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    entryusn: 3440
[15/Oct/2014:18:35:48 -0400] -    replace: entryusn
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask 0x2 [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask 0x2 [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=10 timelimit=2 attrsonly=0 filter="(objectClass=*)" attrs=ALL
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] -    replace: modifiersname
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] -    replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] -    entryusn: 3441
[15/Oct/2014:18:35:48 -0400] -    replace: entryusn
[15/Oct/2014:18:35:48 -0400] -    -
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask 0x2 [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask 0x2 [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=100 timelimit=2 attrsonly=0 filter="(objectClass=*)" attrs="gidNumber cn"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=*)" attrs="* aci"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=10 timelimit=2 attrsonly=0 filter="(objectClass=*)" attrs=ALL
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 sizelimit=100 timelimit=2 attrsonly=0 filter="(&(objectClass=krbprincipalaux)(krbPrincipalName=amye...@example.com <mailto:amye...@example.com>))" attrs=""
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - do_add: dn (uid=amyengh,cn=users,cn=accounts,dc=example,dc=com) [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=100 timelimit=2 attrsonly=0 filter="(objectClass=*)" attrs="gidNumber cn"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=*)" attrs="* aci"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - do_add: dn (cn=amyengh,cn=groups,cn=accounts,dc=example,dc=com)
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - removing entire attribute hassubordinates
[15/Oct/2014:18:35:48 -0400] - removing entire attribute numsubordinates
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 sizelimit=100 timelimit=0 attrsonly=0 filter="(&(objectClass=posixAccount)(!(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com)))" attrs=""
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] -    indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to