On Fri, 30 Oct 2015, Troels Hansen wrote:
I think it should be add:nsslapd-basedn: cn=accounts,$SUFFIX not add:basedn:"cn=accounts,$SUFFIX" this is what sidgen task expects and it returns constraint violation error if parameters are wrong: str = fetch_attr(e, "nsslapd-basedn", NULL); if (str == NULL) { LOG_FATAL("Missing nsslapd-basedn!\n"); *returncode = LDAP_CONSTRAINT_VIOLATION; ret = SLAPI_DSE_CALLBACK_ERROR; goto done; }I think you are right. Don't know what I have tested, but it brings me a different error, that I didn't see before: ipa.ipapython.ipaldap.IPAdmin: DEBUG: Unhandled LDAPError: OPERATIONS_ERROR: {'desc': 'Operations error'} ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR: Add failure Operations error: ipa.ipaserver.install.ipa_ldap_updater.LDAPUpdater_NonUpgrade: INFO: The ipa-ldap-updater command was successful Where did you find the source for the sidgen task? I could try looking at at it myself, but can't find it.
You can check it here: https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen_task.c#n221 -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
