On Mon, 07 Mar 2016, Zoske, Fabian wrote:
Thank you for your explanation.

I looked in the sssd_<DOMAIN>.log and found the actual LDAP-Filter.
The problem seems to be the first part again: 
(&(objectclass=sudoRole)(entryUSN>=485025)(!(entryUSN=485025))).
In the LDAP-Tree I can't see any attribute named entryUSN.

Is this related to the problem?
No, it is not. entryUSN is an attribute that is not stored in the entry,
it is a feature that adds a monotonically increased value to any update
of an entry. It is used to check whether entries were changed since last
search.


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to