On Wed, Oct 15, 2014 at 5:04 PM, Rich Megginson <rmegg...@redhat.com
<mailto:rmegg...@redhat.com>> wrote:
On 10/15/2014 04:43 PM, Clint Savage wrote:
On Wed, Oct 15, 2014 at 2:33 PM, Rich Megginson
<rmegg...@redhat.com <mailto:rmegg...@redhat.com>> wrote:
On 10/15/2014 02:05 PM, Rob Crittenden wrote:
Clint Savage wrote:
$ rpm -q ipa-server
ipa-server-3.3.3-28.el7.centos.1.x86_64
I was thinking that this might be an issue with the
rhel7 version. I'm
going to be trying the same migration tonight on
rhel6. I know the IPA
version is older, and samba stuff might not work as
it does in 3.3. I
haven't looked in RHEL 6.6 yet to see what version of
IPA is available.
I tested using a fairly recent IPA master build (4.1+).
I'm not
convinced it is related to any specific version, but
different features
are available so I thought I'd try to duplicate on a more
similar
footing (apples to apples comparision).
The trick is to try to narrow down what attribute the
LDAP server thinks
already exists. We don't get a very nice error out of
LDAP, like *what*
attribute already exists, for example :-(
It may be possible to set the 389-ds debug level to such
that you get
some decent output, but trying to find the right balance
of output can
be challenging. See their FAQ troubleshooting section.
http://www.port389.org/docs/389ds/FAQ/faq.html#troubleshooting
Try the ARGS (Heavy trace output debugging) level
rob
Clint
On Wed, Oct 15, 2014 at 1:16 PM, Rob Crittenden
<rcrit...@redhat.com <mailto:rcrit...@redhat.com>
<mailto:rcrit...@redhat.com
<mailto:rcrit...@redhat.com>>> wrote:
Ludwig Krispenz wrote:
>
> On 10/14/2014 06:58 PM, Clint Savage wrote:
>> Hi all,
>>
>> I've been working on a migration plan using
three custom user
>> objectClasses and one group objectclass. In
my attempt, I've setup an
>> openldap server with the proper schemas,
imported the ldif and have
>> records that look something like this in ldif
format.
>>
>>
-----------------------------------------------------------------------
>>
>> dn: dc=example,dc=com
>> objectClass: top
>> objectClass: domain
>> dc: example
>>
>> dn: ou=Groups,dc=example,dc=com
>> objectClass: top
>> objectClass: organizationalunit
>> ou: Groups
>>
>> dn: ou=People,dc=example,dc=com
>> objectClass: top
>> objectClass: organizationalunit
>> ou: People
>>
>> dn: uid=amyengh,ou=People,dc=example,dc=com
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: top
>> objectClass: organizationalPerson
>> objectClass: person
>> objectClass: radiusProfile
>> objectClass: sambaSamAccount
>> objectClass: customPersonAttributes
>> cn: Amy Engh
>> gidNumber: 1141801056
>> homeDirectory: /home/amyengh
>> sn: Engh
>> uid: amyengh
>> uidNumber: 1141801056
>> displayName: Amy Engh
>> givenName: Amy
>> loginShell: /sbin/nologin
>> mail: amye...@attask.com
<mailto:amye...@attask.com>
<mailto:amye...@attask.com <mailto:amye...@attask.com>>
<mailto:amye...@attask.com
<mailto:amye...@attask.com>
<mailto:amye...@attask.com <mailto:amye...@attask.com>>>
>> userPassword:: REDACTED
>> dialupAccess: yes
>> radiusTunnelMediumType: IEEE-802
>> radiusTunnelPrivateGroupId: 1421
>> radiusTunnelType: VLAN
>> emailPassword:: REDACTED
>> sambaAcctFlags: [U ]
>> sambaLMPassword: REDACTED
>> sambaNTPassword: REDACTED
>> sambaPasswordHistory:
>>
000000000000000000000000000000000000000000000000000000
>> 0000000000
>> sambaPwdLastSet: 1402698001
>> sambaSID:
S-1-5-21-2332447373-4108748234-3602490535-3146
>>
>> dn: cn=amyengh,ou=Groups,dc=example,dc=com
>> objectClass: top
>> objectClass: posixGroup
>> cn: amyengh
>> gidNumber: 1141801056
>> memberUid: amyengh
>>
>>
--------------------------------------------------------------------
>>
>> I then run the migration (with or without
compat makes no difference)
>> and get the following:
>>
>> ipa migrate-ds --with-compat
--user-container="ou=People"
>> --group-container="ou=Groups"
--user-objectclass=posixAccount
>> --group-objectclass=posixgroup
ldap://192.168.122.210 <http://192.168.122.210>
<http://192.168.122.210>
>> <http://192.168.122.210>
--bind-dn="cn=Manager,dc=example,dc=com"
>> Password:
>> -----------
>> migrate-ds:
>> -----------
>> Migrated:
>> Failed user:
>> amyengh: Type or value exists:
>> Failed group:
>> amyengh: This entry already exists.
> "type or value exists" and "This entry already
exists" are just
> explanations of the ldap return code, do you
see anything in the 389 ds
> error logs ?
I doubt that he would see any errors.
The entry already existing is because this isn't
his first migration, it
is unrelated.
I'm not able to reproduce this. What version of
IPA is it?
rob
--
Manage your subscription for the Freeipa-users
mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the
project
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
This is what I get in the logs when running the migration:
==> access <==
[15/Oct/2014:18:35:46 -0400] conn=8 op=166 SRCH
base="idnsName=_tcp,idnsname=example.com
<http://example.com>,cn=dns,dc=example,dc=com" scope=0
filter="(objectClass=idnsRecord)" attrs=ALL
[15/Oct/2014:18:35:46 -0400] conn=8 op=166 RESULT err=32 tag=101
nentries=0 etime=0
[15/Oct/2014:18:35:48 -0400] conn=606 fd=79 slot=79 connection
from 192.168.122.200 to 192.168.122.200
[15/Oct/2014:18:35:48 -0400] conn=4 op=960 SRCH
base="dc=example,dc=com" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/example....@example.com
<mailto:example....@example.com>))" attrs="krbPrincipalName
krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType
krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbExtraData krbLastAdminUnlock krbObjectReferences
krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] conn=4 op=960 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=4 op=961 SRCH
base="dc=example,dc=com" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ipa7.example....@example.com
<mailto:ipa7.example....@example.com>)(krbPrincipalName=ldap/ipa7.example....@example.com
<mailto:ipa7.example....@example.com>)))" attrs="krbPrincipalName
krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType
krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbExtraData krbLastAdminUnlock krbObjectReferences
krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] conn=4 op=961 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=4 op=962 SRCH
base="cn=EXAMPLE.COM
<http://EXAMPLE.COM>,cn=kerberos,dc=example,dc=com" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[15/Oct/2014:18:35:48 -0400] conn=4 op=962 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=4 op=963 SRCH
base="dc=example,dc=com" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/ipa7.example....@example.com
<mailto:ipa7.example....@example.com>))" attrs="krbPrincipalName
krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType
krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbExtraData krbLastAdminUnlock krbObjectReferences
krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] conn=4 op=963 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=4 op=964 SRCH
base="cn=EXAMPLE.COM
<http://EXAMPLE.COM>,cn=kerberos,dc=example,dc=com" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[15/Oct/2014:18:35:48 -0400] conn=4 op=964 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=4 op=965 SRCH
base="dc=example,dc=com" scope=2
filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/ipa7.example....@example.com
<mailto:ipa7.example....@example.com>))" attrs="objectClass
memberPrincipal"
[15/Oct/2014:18:35:48 -0400] conn=4 op=965 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=4 op=966 SRCH
base="dc=example,dc=com" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=ad...@example.com
<mailto:ad...@example.com>))" attrs="krbPrincipalName
krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType
krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbExtraData krbLastAdminUnlock krbObjectReferences
krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] conn=4 op=966 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=4 op=967 SRCH
base="cn=EXAMPLE.COM
<http://EXAMPLE.COM>,cn=kerberos,dc=example,dc=com" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[15/Oct/2014:18:35:48 -0400] conn=4 op=967 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=606 op=0 BIND dn="" method=sasl
version=3 mech=GSSAPI
[15/Oct/2014:18:35:48 -0400] conn=606 op=0 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[15/Oct/2014:18:35:48 -0400] conn=606 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[15/Oct/2014:18:35:48 -0400] conn=606 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[15/Oct/2014:18:35:48 -0400] conn=606 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[15/Oct/2014:18:35:48 -0400] conn=606 op=2 RESULT err=0 tag=97
nentries=0 etime=0
dn="uid=admin,cn=users,cn=accounts,dc=example,dc=com"
[15/Oct/2014:18:35:48 -0400] conn=606 op=3 SRCH
base="cn=ipaconfig,cn=etc,dc=example,dc=com" scope=0
filter="(objectClass=*)" attrs=ALL
[15/Oct/2014:18:35:48 -0400] conn=606 op=3 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=606 op=4 SRCH
base="cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com"
scope=0 filter="(objectClass=*)" attrs="gidNumber cn"
[15/Oct/2014:18:35:48 -0400] conn=606 op=4 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=606 op=5 SRCH base="cn=UPG
Definition,cn=Definitions,cn=Managed
Entries,cn=etc,dc=example,dc=com" scope=0
filter="(objectClass=*)" attrs="* aci"
[15/Oct/2014:18:35:48 -0400] conn=606 op=5 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=606 op=6 SRCH
base="cn=ipaconfig,cn=etc,dc=example,dc=com" scope=0
filter="(objectClass=*)" attrs=ALL
[15/Oct/2014:18:35:48 -0400] conn=606 op=6 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=606 op=7 SRCH
base="cn=users,cn=accounts,dc=example,dc=com" scope=2
filter="(&(objectClass=krbprincipalaux)(krbPrincipalName=amye...@example.com
<mailto:amye...@example.com>))" attrs=""
[15/Oct/2014:18:35:48 -0400] conn=606 op=7 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=606 op=8 ADD
dn="uid=amyengh,cn=users,cn=accounts,dc=example,dc=com", add
values for type objectClass failed
[15/Oct/2014:18:35:48 -0400] conn=606 op=8 RESULT err=20 tag=105
nentries=0 etime=0
[15/Oct/2014:18:35:48 -0400] conn=606 op=9 SRCH
base="cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com"
scope=0 filter="(objectClass=*)" attrs="gidNumber cn"
[15/Oct/2014:18:35:48 -0400] conn=606 op=9 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=606 op=10 SRCH base="cn=UPG
Definition,cn=Definitions,cn=Managed
Entries,cn=etc,dc=example,dc=com" scope=0
filter="(objectClass=*)" attrs="* aci"
[15/Oct/2014:18:35:48 -0400] conn=606 op=10 RESULT err=0 tag=101
nentries=1 etime=0
[15/Oct/2014:18:35:48 -0400] conn=606 op=11 ADD
dn="cn=amyengh,cn=groups,cn=accounts,dc=example,dc=com"
[15/Oct/2014:18:35:48 -0400] conn=606 op=11 RESULT err=68 tag=105
nentries=0 etime=0
[15/Oct/2014:18:35:48 -0400] conn=606 op=12 SRCH
base="cn=users,cn=accounts,dc=example,dc=com" scope=2
filter="(&(objectClass=posixAccount)(!(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com)))"
attrs=""
[15/Oct/2014:18:35:48 -0400] conn=606 op=12 RESULT err=0 tag=101
nentries=0 etime=0
[15/Oct/2014:18:35:48 -0400] conn=606 op=13 UNBIND
[15/Oct/2014:18:35:48 -0400] conn=606 op=13 fd=79 closed - U1
It kind of looks like there's some sort of failure with my
gidNumber or cn, but both the user and group objects have these
values. Any idea what is going on there?
Did you enable the ARGS level error logging in the errors log? If
so, what's in the errors log?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Ha! I debated sending the error logs. I think Dmitri may be right
about the group value. I'll try that too.
==> errors <==
[15/Oct/2014:18:35:46 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=idnsRecord)"
attrs=ALL
[15/Oct/2014:18:35:46 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:46 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/example....@example.com
<mailto:example....@example.com>))" attrs="krbPrincipalName
krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey
krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration
krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange
krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth
krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ipa7.example....@example.com
<mailto:ipa7.example....@example.com>)(krbPrincipalName=ldap/ipa7.example....@example.com
<mailto:ipa7.example....@example.com>)))" attrs="krbPrincipalName
krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey
krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration
krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange
krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth
krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/ipa7.example....@example.com
<mailto:ipa7.example....@example.com>))" attrs="krbPrincipalName
krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey
krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration
krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange
krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth
krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/ipa7.example....@example.com
<mailto:ipa7.example....@example.com>))" attrs="objectClass
memberPrincipal"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=ad...@example.com
<mailto:ad...@example.com>))" attrs="krbPrincipalName krbCanonicalName
ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey
krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration
krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange
krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth
krbLoginFailedCount krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=0 timelimit=300 attrsonly=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend :
frontend-internal
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] - replace: modifiersname
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] - replace: modifiersname
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] - replace: modifiersname
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - entryusn: 3439
[15/Oct/2014:18:35:48 -0400] - replace: entryusn
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv
indexmask 0x2
[15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv
indexmask 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] - replace: modifiersname
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] - replace: modifiersname
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] - replace: modifiersname
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - entryusn: 3440
[15/Oct/2014:18:35:48 -0400] - replace: entryusn
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv
indexmask 0x2
[15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv
indexmask 0x2
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=10 timelimit=2 attrsonly=0 filter="(objectClass=*)" attrs=ALL
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] - replace: modifiersname
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] - replace: modifiersname
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA
Lockout,cn=plugins,cn=config
[15/Oct/2014:18:35:48 -0400] - replace: modifiersname
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z
[15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - entryusn: 3441
[15/Oct/2014:18:35:48 -0400] - replace: entryusn
[15/Oct/2014:18:35:48 -0400] - -
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv
indexmask 0x2
[15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv
indexmask 0x2
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=100 timelimit=2 attrsonly=0 filter="(objectClass=*)"
attrs="gidNumber cn"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=*)" attrs="* aci"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=10 timelimit=2 attrsonly=0 filter="(objectClass=*)" attrs=ALL
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0
sizelimit=100 timelimit=2 attrsonly=0
filter="(&(objectClass=krbprincipalaux)(krbPrincipalName=amye...@example.com
<mailto:amye...@example.com>))" attrs=""
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - do_add: dn
(uid=amyengh,cn=users,cn=accounts,dc=example,dc=com)
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=100 timelimit=2 attrsonly=0 filter="(objectClass=*)"
attrs="gidNumber cn"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0
sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=*)" attrs="* aci"
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - do_add: dn
(cn=amyengh,cn=groups,cn=accounts,dc=example,dc=com)
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - removing entire attribute hassubordinates
[15/Oct/2014:18:35:48 -0400] - removing entire attribute numsubordinates
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot
[15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0
sizelimit=100 timelimit=0 attrsonly=0
filter="(&(objectClass=posixAccount)(!(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com)))"
attrs=""
[15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2
[15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot