On Fri, 30 Oct 2015, Troels Hansen wrote:




I think it should be
add:nsslapd-basedn: cn=accounts,$SUFFIX
not
add:basedn:"cn=accounts,$SUFFIX"

this is what sidgen task expects and it returns constraint violation
error if parameters are wrong:

   str = fetch_attr(e, "nsslapd-basedn", NULL);
   if (str == NULL) {
       LOG_FATAL("Missing nsslapd-basedn!\n");
       *returncode = LDAP_CONSTRAINT_VIOLATION;
       ret = SLAPI_DSE_CALLBACK_ERROR;
       goto done;
   }


I think you are right.
Don't know what I have tested, but it brings me a different error, that I 
didn't see before:

ipa.ipapython.ipaldap.IPAdmin: DEBUG: Unhandled LDAPError: OPERATIONS_ERROR: 
{'desc': 'Operations error'}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR: Add failure Operations 
error:
ipa.ipaserver.install.ipa_ldap_updater.LDAPUpdater_NonUpgrade: INFO: The 
ipa-ldap-updater command was successful

Where did you find the source for the sidgen task? I could try  looking at at 
it myself, but can't find it.
You can check it here:
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen_task.c#n221

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to