On Fri, 30 Oct 2015, Troels Hansen wrote:
I think it should be
add:nsslapd-basedn: cn=accounts,$SUFFIX
not
add:basedn:"cn=accounts,$SUFFIX"
this is what sidgen task expects and it returns constraint violation
error if parameters are wrong:
str = fetch_attr(e, "nsslapd-basedn", NULL);
if (str == NULL) {
LOG_FATAL("Missing nsslapd-basedn!\n");
*returncode = LDAP_CONSTRAINT_VIOLATION;
ret = SLAPI_DSE_CALLBACK_ERROR;
goto done;
}
I think you are right.
Don't know what I have tested, but it brings me a different error, that I
didn't see before:
ipa.ipapython.ipaldap.IPAdmin: DEBUG: Unhandled LDAPError: OPERATIONS_ERROR:
{'desc': 'Operations error'}
ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR: Add failure Operations
error:
ipa.ipaserver.install.ipa_ldap_updater.LDAPUpdater_NonUpgrade: INFO: The
ipa-ldap-updater command was successful
Where did you find the source for the sidgen task? I could try looking at at
it myself, but can't find it.
You can check it here:
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen_task.c#n221
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project