After upgrading to 4.1 I have duplicated permission objects in my directory 
with names including nsuniqueid.  Is it safe to delete all of these objects?  
Somehow this is only causing an issue for a specific user hitting a specific 
HBAC policy. 

(Mon Nov  2 14:29:23 2015) [sssd[be[]]] [hbac_eval_user_element] 
(0x0080): Parse error on [cn=Read PassSync Managers 
Configuration+nsuniqueid=4ae3220f-4d2b11e5-a06ffcc2-215714a9 …………..
(Mon Nov  2 14:29:23 2015) [sssd[be[]]] [hbac_ctx_to_rules] 
(0x0020): Could not construct eval request
(Mon Nov  2 14:29:23 2015) [sssd[be[]]] [ipa_hbac_evaluate_rules] 
(0x0020): Could not construct HBAC rules

This is causing authentication to fail for the user in question, and I would 
like to get rid of these useless objects if they are no longer necessary.  

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to