Rich, Sorry about that. Thanks for the help.
http://ur1.ca/idu6a <-- should be there at least for a few days. Clint On Wed, Oct 15, 2014 at 9:51 PM, Rich Megginson <rmegg...@redhat.com> wrote: > On 10/15/2014 05:29 PM, Clint Savage wrote: > > On Wed, Oct 15, 2014 at 5:04 PM, Rich Megginson <rmegg...@redhat.com> > wrote: > >> On 10/15/2014 04:43 PM, Clint Savage wrote: >> >> On Wed, Oct 15, 2014 at 2:33 PM, Rich Megginson <rmegg...@redhat.com> >> wrote: >> >>> On 10/15/2014 02:05 PM, Rob Crittenden wrote: >>> >>>> Clint Savage wrote: >>>> >>>>> $ rpm -q ipa-server >>>>> ipa-server-3.3.3-28.el7.centos.1.x86_64 >>>>> >>>>> I was thinking that this might be an issue with the rhel7 version. I'm >>>>> going to be trying the same migration tonight on rhel6. I know the IPA >>>>> version is older, and samba stuff might not work as it does in 3.3. I >>>>> haven't looked in RHEL 6.6 yet to see what version of IPA is available. >>>>> >>>> I tested using a fairly recent IPA master build (4.1+). I'm not >>>> convinced it is related to any specific version, but different features >>>> are available so I thought I'd try to duplicate on a more similar >>>> footing (apples to apples comparision). >>>> >>>> The trick is to try to narrow down what attribute the LDAP server thinks >>>> already exists. We don't get a very nice error out of LDAP, like *what* >>>> attribute already exists, for example :-( >>>> >>>> It may be possible to set the 389-ds debug level to such that you get >>>> some decent output, but trying to find the right balance of output can >>>> be challenging. See their FAQ troubleshooting section. >>>> >>> >>> http://www.port389.org/docs/389ds/FAQ/faq.html#troubleshooting >>> >>> Try the ARGS (Heavy trace output debugging) level >>> >>> >>> >>>> rob >>>> >>>> >>>> Clint >>>>> >>>>> On Wed, Oct 15, 2014 at 1:16 PM, Rob Crittenden <rcrit...@redhat.com >>>>> <mailto:rcrit...@redhat.com>> wrote: >>>>> >>>>> Ludwig Krispenz wrote: >>>>> > >>>>> > On 10/14/2014 06:58 PM, Clint Savage wrote: >>>>> >> Hi all, >>>>> >> >>>>> >> I've been working on a migration plan using three custom user >>>>> >> objectClasses and one group objectclass. In my attempt, I've >>>>> setup an >>>>> >> openldap server with the proper schemas, imported the ldif and >>>>> have >>>>> >> records that look something like this in ldif format. >>>>> >> >>>>> >> >>>>> >>>>> ----------------------------------------------------------------------- >>>>> >> >>>>> >> dn: dc=example,dc=com >>>>> >> objectClass: top >>>>> >> objectClass: domain >>>>> >> dc: example >>>>> >> >>>>> >> dn: ou=Groups,dc=example,dc=com >>>>> >> objectClass: top >>>>> >> objectClass: organizationalunit >>>>> >> ou: Groups >>>>> >> >>>>> >> dn: ou=People,dc=example,dc=com >>>>> >> objectClass: top >>>>> >> objectClass: organizationalunit >>>>> >> ou: People >>>>> >> >>>>> >> dn: uid=amyengh,ou=People,dc=example,dc=com >>>>> >> objectClass: inetOrgPerson >>>>> >> objectClass: posixAccount >>>>> >> objectClass: top >>>>> >> objectClass: organizationalPerson >>>>> >> objectClass: person >>>>> >> objectClass: radiusProfile >>>>> >> objectClass: sambaSamAccount >>>>> >> objectClass: customPersonAttributes >>>>> >> cn: Amy Engh >>>>> >> gidNumber: 1141801056 >>>>> >> homeDirectory: /home/amyengh >>>>> >> sn: Engh >>>>> >> uid: amyengh >>>>> >> uidNumber: 1141801056 >>>>> >> displayName: Amy Engh >>>>> >> givenName: Amy >>>>> >> loginShell: /sbin/nologin >>>>> >> mail: amye...@attask.com <mailto:amye...@attask.com> >>>>> <mailto:amye...@attask.com <mailto:amye...@attask.com>> >>>>> >> userPassword:: REDACTED >>>>> >> dialupAccess: yes >>>>> >> radiusTunnelMediumType: IEEE-802 >>>>> >> radiusTunnelPrivateGroupId: 1421 >>>>> >> radiusTunnelType: VLAN >>>>> >> emailPassword:: REDACTED >>>>> >> sambaAcctFlags: [U ] >>>>> >> sambaLMPassword: REDACTED >>>>> >> sambaNTPassword: REDACTED >>>>> >> sambaPasswordHistory: >>>>> >> 000000000000000000000000000000000000000000000000000000 >>>>> >> 0000000000 >>>>> >> sambaPwdLastSet: 1402698001 >>>>> >> sambaSID: S-1-5-21-2332447373-4108748234-3602490535-3146 >>>>> >> >>>>> >> dn: cn=amyengh,ou=Groups,dc=example,dc=com >>>>> >> objectClass: top >>>>> >> objectClass: posixGroup >>>>> >> cn: amyengh >>>>> >> gidNumber: 1141801056 >>>>> >> memberUid: amyengh >>>>> >> >>>>> >> >>>>> -------------------------------------------------------------------- >>>>> >> >>>>> >> I then run the migration (with or without compat makes no >>>>> difference) >>>>> >> and get the following: >>>>> >> >>>>> >> ipa migrate-ds --with-compat --user-container="ou=People" >>>>> >> --group-container="ou=Groups" --user-objectclass=posixAccount >>>>> >> --group-objectclass=posixgroup ldap://192.168.122.210 >>>>> <http://192.168.122.210> >>>>> >> <http://192.168.122.210> >>>>> --bind-dn="cn=Manager,dc=example,dc=com" >>>>> >> Password: >>>>> >> ----------- >>>>> >> migrate-ds: >>>>> >> ----------- >>>>> >> Migrated: >>>>> >> Failed user: >>>>> >> amyengh: Type or value exists: >>>>> >> Failed group: >>>>> >> amyengh: This entry already exists. >>>>> > "type or value exists" and "This entry already exists" are just >>>>> > explanations of the ldap return code, do you see anything in >>>>> the 389 ds >>>>> > error logs ? >>>>> >>>>> I doubt that he would see any errors. >>>>> >>>>> The entry already existing is because this isn't his first >>>>> migration, it >>>>> is unrelated. >>>>> >>>>> I'm not able to reproduce this. What version of IPA is it? >>>>> >>>>> rob >>>>> >>>>> -- >>>>> Manage your subscription for the Freeipa-users mailing list: >>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>>> Go To http://freeipa.org for more info on the project >>>>> >>>>> >>>>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go To http://freeipa.org for more info on the project >>> >> >> This is what I get in the logs when running the migration: >> >> ==> access <== >> [15/Oct/2014:18:35:46 -0400] conn=8 op=166 SRCH >> base="idnsName=_tcp,idnsname=example.com,cn=dns,dc=example,dc=com" >> scope=0 filter="(objectClass=idnsRecord)" attrs=ALL >> [15/Oct/2014:18:35:46 -0400] conn=8 op=166 RESULT err=32 tag=101 >> nentries=0 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=606 fd=79 slot=79 connection from >> 192.168.122.200 to 192.168.122.200 >> [15/Oct/2014:18:35:48 -0400] conn=4 op=960 SRCH base="dc=example,dc=com" >> scope=2 >> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/ >> example....@example.com))" attrs="krbPrincipalName krbCanonicalName >> ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference >> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference >> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases >> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData >> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife >> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData >> ipaUserAuthType objectClass" >> [15/Oct/2014:18:35:48 -0400] conn=4 op=960 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=4 op=961 SRCH base="dc=example,dc=com" >> scope=2 >> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ >> ipa7.example....@example.com)(krbPrincipalName=ldap/ >> ipa7.example....@example.com)))" attrs="krbPrincipalName >> krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey >> krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration >> krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange >> krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth >> krbLoginFailedCount krbExtraData krbLastAdminUnlock krbObjectReferences >> krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock >> passwordHistory ipaKrbAuthzData ipaUserAuthType objectClass" >> [15/Oct/2014:18:35:48 -0400] conn=4 op=961 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=4 op=962 SRCH >> base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" >> scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife >> krbMaxRenewableAge krbTicketFlags" >> [15/Oct/2014:18:35:48 -0400] conn=4 op=962 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=4 op=963 SRCH base="dc=example,dc=com" >> scope=2 >> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/ >> ipa7.example....@example.com))" attrs="krbPrincipalName krbCanonicalName >> ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference >> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference >> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases >> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData >> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife >> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData >> ipaUserAuthType objectClass" >> [15/Oct/2014:18:35:48 -0400] conn=4 op=963 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=4 op=964 SRCH >> base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" >> scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife >> krbMaxRenewableAge krbTicketFlags" >> [15/Oct/2014:18:35:48 -0400] conn=4 op=964 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=4 op=965 SRCH base="dc=example,dc=com" >> scope=2 filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/ >> ipa7.example....@example.com))" attrs="objectClass memberPrincipal" >> [15/Oct/2014:18:35:48 -0400] conn=4 op=965 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=4 op=966 SRCH base="dc=example,dc=com" >> scope=2 >> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName= >> ad...@example.com))" attrs="krbPrincipalName krbCanonicalName >> ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference >> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference >> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases >> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData >> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife >> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData >> ipaUserAuthType objectClass" >> [15/Oct/2014:18:35:48 -0400] conn=4 op=966 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=4 op=967 SRCH >> base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" >> scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife >> krbMaxRenewableAge krbTicketFlags" >> [15/Oct/2014:18:35:48 -0400] conn=4 op=967 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=606 op=0 BIND dn="" method=sasl >> version=3 mech=GSSAPI >> [15/Oct/2014:18:35:48 -0400] conn=606 op=0 RESULT err=14 tag=97 >> nentries=0 etime=0, SASL bind in progress >> [15/Oct/2014:18:35:48 -0400] conn=606 op=1 BIND dn="" method=sasl >> version=3 mech=GSSAPI >> [15/Oct/2014:18:35:48 -0400] conn=606 op=1 RESULT err=14 tag=97 >> nentries=0 etime=0, SASL bind in progress >> [15/Oct/2014:18:35:48 -0400] conn=606 op=2 BIND dn="" method=sasl >> version=3 mech=GSSAPI >> [15/Oct/2014:18:35:48 -0400] conn=606 op=2 RESULT err=0 tag=97 nentries=0 >> etime=0 dn="uid=admin,cn=users,cn=accounts,dc=example,dc=com" >> [15/Oct/2014:18:35:48 -0400] conn=606 op=3 SRCH >> base="cn=ipaconfig,cn=etc,dc=example,dc=com" scope=0 >> filter="(objectClass=*)" attrs=ALL >> [15/Oct/2014:18:35:48 -0400] conn=606 op=3 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=606 op=4 SRCH >> base="cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com" scope=0 >> filter="(objectClass=*)" attrs="gidNumber cn" >> [15/Oct/2014:18:35:48 -0400] conn=606 op=4 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=606 op=5 SRCH base="cn=UPG >> Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=example,dc=com" >> scope=0 filter="(objectClass=*)" attrs="* aci" >> [15/Oct/2014:18:35:48 -0400] conn=606 op=5 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=606 op=6 SRCH >> base="cn=ipaconfig,cn=etc,dc=example,dc=com" scope=0 >> filter="(objectClass=*)" attrs=ALL >> [15/Oct/2014:18:35:48 -0400] conn=606 op=6 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=606 op=7 SRCH >> base="cn=users,cn=accounts,dc=example,dc=com" scope=2 >> filter="(&(objectClass=krbprincipalaux)(krbPrincipalName= >> amye...@example.com))" attrs="" >> [15/Oct/2014:18:35:48 -0400] conn=606 op=7 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=606 op=8 ADD >> dn="uid=amyengh,cn=users,cn=accounts,dc=example,dc=com", add values for >> type objectClass failed >> [15/Oct/2014:18:35:48 -0400] conn=606 op=8 RESULT err=20 tag=105 >> nentries=0 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=606 op=9 SRCH >> base="cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com" scope=0 >> filter="(objectClass=*)" attrs="gidNumber cn" >> [15/Oct/2014:18:35:48 -0400] conn=606 op=9 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=606 op=10 SRCH base="cn=UPG >> Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=example,dc=com" >> scope=0 filter="(objectClass=*)" attrs="* aci" >> [15/Oct/2014:18:35:48 -0400] conn=606 op=10 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=606 op=11 ADD >> dn="cn=amyengh,cn=groups,cn=accounts,dc=example,dc=com" >> [15/Oct/2014:18:35:48 -0400] conn=606 op=11 RESULT err=68 tag=105 >> nentries=0 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=606 op=12 SRCH >> base="cn=users,cn=accounts,dc=example,dc=com" scope=2 >> filter="(&(objectClass=posixAccount)(!(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com)))" >> attrs="" >> [15/Oct/2014:18:35:48 -0400] conn=606 op=12 RESULT err=0 tag=101 >> nentries=0 etime=0 >> [15/Oct/2014:18:35:48 -0400] conn=606 op=13 UNBIND >> [15/Oct/2014:18:35:48 -0400] conn=606 op=13 fd=79 closed - U1 >> >> It kind of looks like there's some sort of failure with my gidNumber or >> cn, but both the user and group objects have these values. Any idea what is >> going on there? >> >> >> Did you enable the ARGS level error logging in the errors log? If so, >> what's in the errors log? >> >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go To http://freeipa.org for more info on the project >> > > Ha! I debated sending the error logs. I think Dmitri may be right about > the group value. I'll try that too. > > > Looks like the errors log was truncated. Can you put it on some file > sharing site? If not, just email it to me directly. > > > > > ==> errors <== > [15/Oct/2014:18:35:46 -0400] - SRCH base="(null)" scope=0 deref=0 > sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=idnsRecord)" > attrs=ALL > [15/Oct/2014:18:35:46 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:46 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 > sizelimit=0 timelimit=300 attrsonly=0 > filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/ > example....@example.com))" attrs="krbPrincipalName krbCanonicalName > ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference > krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference > krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases > krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData > krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife > krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData > ipaUserAuthType objectClass" > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 > sizelimit=0 timelimit=300 attrsonly=0 > filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ > ipa7.example....@example.com)(krbPrincipalName=ldap/ > ipa7.example....@example.com)))" attrs="krbPrincipalName krbCanonicalName > ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference > krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference > krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases > krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData > krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife > krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData > ipaUserAuthType objectClass" > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 > sizelimit=0 timelimit=300 attrsonly=0 > filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife > krbMaxRenewableAge krbTicketFlags" > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 > sizelimit=0 timelimit=300 attrsonly=0 > filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=HTTP/ > ipa7.example....@example.com))" attrs="krbPrincipalName krbCanonicalName > ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference > krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference > krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases > krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData > krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife > krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData > ipaUserAuthType objectClass" > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 > sizelimit=0 timelimit=300 attrsonly=0 > filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife > krbMaxRenewableAge krbTicketFlags" > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 > sizelimit=0 timelimit=300 attrsonly=0 > filter="(&(objectClass=ipaKrb5DelegationACL)(memberPrincipal=HTTP/ > ipa7.example....@example.com))" attrs="objectClass memberPrincipal" > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 > sizelimit=0 timelimit=300 attrsonly=0 > filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName= > ad...@example.com))" attrs="krbPrincipalName krbCanonicalName > ipaKrbPrincipalAlias krbUPEnabled krbPrincipalKey krbTicketPolicyReference > krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference > krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases > krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData > krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife > krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData > ipaUserAuthType objectClass" > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 > sizelimit=0 timelimit=300 attrsonly=0 > filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife > krbMaxRenewableAge krbTicketFlags" > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : > frontend-internal > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : > frontend-internal > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : > frontend-internal > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : > frontend-internal > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : > frontend-internal > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : > frontend-internal > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : > frontend-internal > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : > frontend-internal > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : > frontend-internal > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : > frontend-internal > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA > Lockout,cn=plugins,cn=config > [15/Oct/2014:18:35:48 -0400] - replace: modifiersname > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA > Lockout,cn=plugins,cn=config > [15/Oct/2014:18:35:48 -0400] - replace: modifiersname > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA > Lockout,cn=plugins,cn=config > [15/Oct/2014:18:35:48 -0400] - replace: modifiersname > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - entryusn: 3439 > [15/Oct/2014:18:35:48 -0400] - replace: entryusn > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask > 0x2 > [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask > 0x2 > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA > Lockout,cn=plugins,cn=config > [15/Oct/2014:18:35:48 -0400] - replace: modifiersname > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA > Lockout,cn=plugins,cn=config > [15/Oct/2014:18:35:48 -0400] - replace: modifiersname > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA > Lockout,cn=plugins,cn=config > [15/Oct/2014:18:35:48 -0400] - replace: modifiersname > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - entryusn: 3440 > [15/Oct/2014:18:35:48 -0400] - replace: entryusn > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask > 0x2 > [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask > 0x2 > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 > sizelimit=10 timelimit=2 attrsonly=0 filter="(objectClass=*)" attrs=ALL > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA > Lockout,cn=plugins,cn=config > [15/Oct/2014:18:35:48 -0400] - replace: modifiersname > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA > Lockout,cn=plugins,cn=config > [15/Oct/2014:18:35:48 -0400] - replace: modifiersname > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - krbLastSuccessfulAuth: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: krbLastSuccessfulAuth > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifiersname: cn=IPA > Lockout,cn=plugins,cn=config > [15/Oct/2014:18:35:48 -0400] - replace: modifiersname > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - modifytimestamp: 20141015223548Z > [15/Oct/2014:18:35:48 -0400] - replace: modifytimestamp > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - entryusn: 3441 > [15/Oct/2014:18:35:48 -0400] - replace: entryusn > [15/Oct/2014:18:35:48 -0400] - - > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask > 0x2 > [15/Oct/2014:18:35:48 -0400] - index_addordel_values_ext_sv indexmask > 0x2 > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 > sizelimit=100 timelimit=2 attrsonly=0 filter="(objectClass=*)" > attrs="gidNumber cn" > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 > sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=*)" attrs="* aci" > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 > sizelimit=10 timelimit=2 attrsonly=0 filter="(objectClass=*)" attrs=ALL > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 > sizelimit=100 timelimit=2 attrsonly=0 > filter="(&(objectClass=krbprincipalaux)(krbPrincipalName= > amye...@example.com))" attrs="" > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0xa > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - do_add: dn > (uid=amyengh,cn=users,cn=accounts,dc=example,dc=com) > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 > sizelimit=100 timelimit=2 attrsonly=0 filter="(objectClass=*)" > attrs="gidNumber cn" > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=0 deref=0 > sizelimit=0 timelimit=0 attrsonly=0 filter="(objectClass=*)" attrs="* aci" > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - do_add: dn > (cn=amyengh,cn=groups,cn=accounts,dc=example,dc=com) > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - removing entire attribute hassubordinates > [15/Oct/2014:18:35:48 -0400] - removing entire attribute numsubordinates > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > [15/Oct/2014:18:35:48 -0400] - SRCH base="(null)" scope=2 deref=0 > sizelimit=100 timelimit=0 attrsonly=0 > filter="(&(objectClass=posixAccount)(!(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com)))" > attrs="" > [15/Oct/2014:18:35:48 -0400] - mapping tree selected backend : userRoot > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - indextype: "eq" indexmask: 0x2 > [15/Oct/2014:18:35:48 -0400] - mapping tree release backend : userRoot > > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project