Am 11.08.16 um 17:58 schrieb Rob Crittenden:
> Torsten Harenberg wrote:
>> Hi,
>>
>> we have three ipa servers
>>
>> - ipa
>> - ipa2
>> - ipacentos7
>>
>> We wanted to re-install ipa2 from scratch as this server gave us strange
>> issues in the past (for example, you have to do a "ipactl stop && ipactl
>> start" after boot to have everything running - a step which is not
>> needed on the other two).
>>
>> However, the ipa-replica-manage del ipa2.pleiades.uni-wuppertal.de gave
>> an error at the end (it scrolled out of the terminal, but ended with
>> "unexpected error: Not allowed on non-leaf entry").
>>
>> It seems to be impossible to get rid of this replica now:
>>
>> [root@ipa ~]#  ipa-replica-manage -v -f -c  del
>> ipa2.pleiades.uni-wuppertal.de
>> Directory Manager password:
>>
>> Cleaning a master is irreversible.
>> This should not normally be require, so use cautiously.
>> Continue to clean master? [no]: yes
>> unexpected error: Not allowed on non-leaf entry
>> [root@ipa ~]# ipa-replica-manage list
>> Directory Manager password:
>>
>> ipacentos7.pleiades.uni-wuppertal.de: master
>> ipa.pleiades.uni-wuppertal.de: master
>> ipa2.pleiades.uni-wuppertal.de: master
>> [root@ipa ~]#
>>
>> [root@ipa ~]#  ipa-csreplica-manage -v del ipa2.pleiades.uni-wuppertal.de
>> Directory Manager password:
>>
>> Deleted replication agreement from 'ipa.pleiades.uni-wuppertal.de' to
>> 'ipa2.pleiades.uni-wuppertal.de'
>> [root@ipa ~]# ipa-replica-manage list
>> Directory Manager password:
>>
>> ipacentos7.pleiades.uni-wuppertal.de: master
>> ipa.pleiades.uni-wuppertal.de: master
>> ipa2.pleiades.uni-wuppertal.de: master
>> [root@ipa ~]#
>>
>> Any ideas how to proceed from here?
> 
> Seems like an error that LDAP is throwing. There might be details in
> /var/log/dirsrv/slapd-REALM/{access|errors}
> 
> It sounds like when IPA tried to delete some entry it failed because
> that entry has children. The logs should help pinpoint which entry it is
> failing on.
> 
> rob


Hmm.. unfortunately, there is nothing which tells us here something. The
last entries in error containing "ipa2" are

[11/Aug/2016:12:54:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:12:54:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:12:54:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:12:59:59 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:12:59:59 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:12:59:59 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:09:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:09:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:09:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:24:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:24:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:24:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:39:46 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:39:46 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:39:46 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[root@ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]#

And those stopped after issuing the ipa-replica-manage del command for
the first time.

Surprisingly, these messages are in the log even for the freshly
installed "ipacentos7" replica:

[root@ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]# tail -3 errors
[12/Aug/2016:07:24:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral,
ldap://ipacentos7.pleiades.uni-wuppertal.de:389/o%3Dipaca) failed.
[12/Aug/2016:07:24:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral,
ldap://ipacentos7.pleiades.uni-wuppertal.de:389/o%3Dipaca) failed.
[12/Aug/2016:07:24:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral,
ldap://ipacentos7.pleiades.uni-wuppertal.de:389/o%3Dipaca) failed.
[root@ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]#

The log in access is a bit delayed, but when executing this:

[root@ipa ~]#  ipa-replica-manage -v -f -c  del
ipa2.pleiades.uni-wuppertal.de
Directory Manager password:

Cleaning a master is irreversible.
This should not normally be require, so use cautiously.
Continue to clean master? [no]: yes
unexpected error: Not allowed on non-leaf entry
[root@ipa ~]#

we get a lengthy log like that one here, but these can be completely
unrelated:


[root@ipa ~]# tail -f /var/log/dirsrv/slapd-PLEIADES-UNI-WUPPERTAL-DE/access
[12/Aug/2016:07:36:39 +0200] conn=44409 op=31 SRCH
base="ipaUniqueID=925abf6e-2a1a-11e5-8ed3-00163e040d17,cn=hbac,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0
filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
attrs="objectClass posixgroup cn userPassword gidNumber member
ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
[12/Aug/2016:07:36:39 +0200] conn=44409 op=31 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:36:39 +0200] conn=44409 op=32 SRCH base="cn=Default
Trust View,cn=views,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=2
filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:pleiades.uni-wuppertal.de:74197518-2952-11e5-99a3-00163e040d17))"
attrs=ALL
[12/Aug/2016:07:36:39 +0200] conn=44409 op=32 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:36:48 +0200] conn=44381 op=14 UNBIND
[12/Aug/2016:07:36:48 +0200] conn=44381 op=14 fd=78 closed - U1
[12/Aug/2016:07:36:50 +0200] conn=44423 op=14 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(uid=postfix)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[12/Aug/2016:07:36:50 +0200] conn=44423 op=14 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:36:51 +0200] conn=44511 op=10 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(uid=postfix)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType"
[12/Aug/2016:07:36:51 +0200] conn=44511 op=10 RESULT err=0 tag=101
nentries=0 etime=0


*** STARTING COMMAND

[12/Aug/2016:07:36:54 +0200] conn=44489 op=16 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(uid=atlasprd020)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[12/Aug/2016:07:36:54 +0200] conn=44489 op=16 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:54 +0200] conn=44489 op=17 SRCH
base="cn=ipausers,cn=groups,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0
filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
attrs="objectClass posixgroup cn userPassword gidNumber member
ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
[12/Aug/2016:07:36:54 +0200] conn=44489 op=17 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:54 +0200] conn=44489 op=18 SRCH
base="cn=atlasprd,cn=groups,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0
filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
attrs="objectClass posixgroup cn userPassword gidNumber member
ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
[12/Aug/2016:07:36:54 +0200] conn=44489 op=18 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:54 +0200] conn=44489 op=19 SRCH
base="ipaUniqueID=925abf6e-2a1a-11e5-8ed3-00163e040d17,cn=hbac,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0
filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
attrs="objectClass posixgroup cn userPassword gidNumber member
ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
[12/Aug/2016:07:36:54 +0200] conn=44489 op=19 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:36:54 +0200] conn=44489 op=20 SRCH base="cn=Default
Trust View,cn=views,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=2
filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:pleiades.uni-wuppertal.de:1f9346aa-2951-11e5-9d7e-00163e040d17))"
attrs=ALL
[12/Aug/2016:07:36:54 +0200] conn=44489 op=20 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:36:55 +0200] conn=44536 fd=78 slot=78 connection from
132.195.124.203 to 132.195.124.12
[12/Aug/2016:07:36:55 +0200] conn=44536 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="* altServer namingContexts
supportedControl supportedExtension supportedFeatures
supportedLDAPVersion supportedSASLMechanisms
domaincontrollerfunctionality defaultnamingcontext lastusn
highestcommittedusn aci"
[12/Aug/2016:07:36:55 +0200] conn=44536 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723627 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/lustre3.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)(krbPrincipalName=host/lustre3.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723627 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723628 SRCH
base="cn=ipaConfig,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de" scope=0
filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData
ipaUserAuthType"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723628 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723629 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723629 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723630 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)(krbPrincipalName=krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723630 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723631 SRCH
base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723631 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723632 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/lustre3.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)(krbPrincipalName=host/lustre3.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723632 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723633 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723633 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723634 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)(krbPrincipalName=krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723634 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723635 SRCH
base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723635 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723636 SRCH
base="fqdn=lustre3.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn
gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier
ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory
ipaNTHomeDirectoryDrive"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723636 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723637 SRCH
base="cn=lustre3.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs=ALL
[12/Aug/2016:07:36:55 +0200] conn=2 op=723637 RESULT err=32 tag=101
nentries=0 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723638 MOD
dn="fqdn=lustre3.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723638 RESULT err=0 tag=103
nentries=0 etime=0 csn=57ad81dc000000040000
[12/Aug/2016:07:36:55 +0200] conn=2 op=723639 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)(krbPrincipalName=krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723639 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723640 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ipa.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)(krbPrincipalName=ldap/ipa.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723640 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723641 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723641 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723642 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/lustre3.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723642 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723643 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723643 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=44536 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[12/Aug/2016:07:36:55 +0200] conn=44536 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[12/Aug/2016:07:36:55 +0200] conn=44536 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[12/Aug/2016:07:36:55 +0200] conn=44536 op=2 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[12/Aug/2016:07:36:55 +0200] conn=44536 op=3 BIND dn="" method=sasl
version=3 mech=GSSAPI
[12/Aug/2016:07:36:55 +0200] conn=44536 op=3 RESULT err=0 tag=97
nentries=0 etime=0
dn="fqdn=lustre3.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:36:55 +0200] conn=44536 op=4 SRCH
base="ou=SUDOers,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=lustre3.pleiades.uni-wuppertal.de)(sudoHost=lustre3)(sudoHost=132.195.124.203)(sudoHost=132.195.124.0/23)(sudoHost=fe80::da9d:67ff:fe60:9400)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))"
attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs
sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn"
[12/Aug/2016:07:36:55 +0200] conn=44536 op=4 RESULT err=0 tag=101
nentries=0 etime=0 notes=P pr_idx=0
[12/Aug/2016:07:37:06 +0200] conn=44533 op=8 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:06 +0200] conn=44533 op=8 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:06 +0200] conn=44533 op=9 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:06 +0200] conn=44533 op=9 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:06 +0200] conn=44533 op=10 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:06 +0200] conn=44533 op=10 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:06 +0200] conn=44390 op=27 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:06 +0200] conn=44390 op=27 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:06 +0200] conn=44390 op=28 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:06 +0200] conn=44390 op=28 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:06 +0200] conn=44390 op=29 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:06 +0200] conn=44390 op=29 RESULT err=0 tag=101
nentries=0 etime=0

[...]

[12/Aug/2016:07:37:08 +0200] conn=44382 op=27 fd=184 closed - U1
[12/Aug/2016:07:37:09 +0200] conn=44428 op=14 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:09 +0200] conn=44428 op=14 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:09 +0200] conn=44428 op=15 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:09 +0200] conn=44428 op=15 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:09 +0200] conn=44428 op=16 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:09 +0200] conn=44428 op=16 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:11 +0200] conn=44489 op=21 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(uid=pnilsson)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[12/Aug/2016:07:37:11 +0200] conn=44489 op=21 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:11 +0200] conn=44489 op=22 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=zp)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))"
attrs="objectClass posixgroup cn userPassword gidNumber member
ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
[12/Aug/2016:07:37:11 +0200] conn=44489 op=22 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:11 +0200] conn=44489 op=23 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(uid=atlact1)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[12/Aug/2016:07:37:11 +0200] conn=44489 op=23 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:11 +0200] conn=44489 op=24 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=def-cg)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))"
attrs="objectClass posixgroup cn userPassword gidNumber member
ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
[12/Aug/2016:07:37:11 +0200] conn=44489 op=24 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:11 +0200] conn=44383 op=15 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:11 +0200] conn=44383 op=15 RESULT err=0 tag=101
nentries=0 etime=0

[...]

[12/Aug/2016:07:37:14 +0200] conn=44538 fd=184 slot=184 connection from
132.195.124.25 to 132.195.124.12
[12/Aug/2016:07:37:14 +0200] conn=44538 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="* altServer namingContexts
supportedControl supportedExtension supportedFeatures
supportedLDAPVersion supportedSASLMechanisms
domaincontrollerfunctionality defaultnamingcontext lastusn
highestcommittedusn aci"
[12/Aug/2016:07:37:14 +0200] conn=44538 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=44539 fd=216 slot=216 SSL connection
from 132.195.124.12 to 132.195.124.12
[12/Aug/2016:07:37:14 +0200] conn=44539 TLS1.2 128-bit AES
[12/Aug/2016:07:37:14 +0200] conn=44539 op=0 BIND dn="cn=directory
manager" method=128 version=3
[12/Aug/2016:07:37:14 +0200] conn=2 op=723644 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/wnfg005.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)(krbPrincipalName=host/wnfg005.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:37:14 +0200] conn=44539 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn="cn=directory manager"
[12/Aug/2016:07:37:14 +0200] conn=44539 op=1 SRCH base="cn=mapping
tree,cn=config" scope=2
filter="(&(|(&(objectClass=nsds5ReplicationAgreement)(nsDS5ReplicaRoot=dc=pleiades,dc=uni-wuppertal,dc=de))(objectClass=nsDSWindowsReplicationAgreement))(nsDS5ReplicaHost=ipa2.pleiades.uni-wuppertal.de))"
attrs=ALL
[12/Aug/2016:07:37:14 +0200] conn=44539 op=1 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723644 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723645 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723645 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723646 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)(krbPrincipalName=krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723646 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723647 SRCH
base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723647 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723648 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/wnfg005.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)(krbPrincipalName=host/wnfg005.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723648 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723649 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723649 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723650 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)(krbPrincipalName=krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723650 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723651 SRCH
base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723651 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723652 SRCH
base="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn
gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier
ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory
ipaNTHomeDirectoryDrive"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723652 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723653 SRCH
base="cn=wnfg005.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs=ALL
[12/Aug/2016:07:37:14 +0200] conn=2 op=723653 RESULT err=32 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723654 MOD
dn="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723654 RESULT err=0 tag=103
nentries=0 etime=0 csn=57ad81ef000000040000
[12/Aug/2016:07:37:14 +0200] conn=2 op=723655 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)(krbPrincipalName=krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723656 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ipa.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)(krbPrincipalName=ldap/ipa.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723655 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723657 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723657 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723658 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/wnfg005.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723656 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723659 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723659 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723658 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=44538 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[12/Aug/2016:07:37:15 +0200] conn=44538 op=1 RESULT err=14 tag=97
nentries=0 etime=1, SASL bind in progress
[12/Aug/2016:07:37:15 +0200] conn=44538 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[12/Aug/2016:07:37:15 +0200] conn=44538 op=2 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[12/Aug/2016:07:37:15 +0200] conn=44538 op=3 BIND dn="" method=sasl
version=3 mech=GSSAPI
[12/Aug/2016:07:37:15 +0200] conn=44538 op=3 RESULT err=0 tag=97
nentries=0 etime=0
dn="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:37:15 +0200] conn=44538 op=4 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(objectClass=ipaHost)(fqdn=wnfg005.pleiades.uni-wuppertal.de))"
attrs="objectClass cn fqdn serverHostName memberOf ipaSshPubKey ipaUniqueID"
[12/Aug/2016:07:37:15 +0200] conn=44538 op=4 RESULT err=0 tag=101
nentries=1 etime=0 notes=P pr_idx=0
[12/Aug/2016:07:37:15 +0200] conn=44538 op=5 SRCH
base="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="objectClass cn memberOf ipaUniqueID"
[12/Aug/2016:07:37:15 +0200] conn=44538 op=5 RESULT err=0 tag=101
nentries=1 etime=0 notes=P pr_idx=0
[12/Aug/2016:07:37:15 +0200] conn=44538 op=6 SRCH
base="cn=sudo,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(objectClass=ipasudocmdgrp)(entryusn>=1))" attrs="objectClass
ipaUniqueID cn member entryusn"
[12/Aug/2016:07:37:15 +0200] conn=44538 op=6 RESULT err=0 tag=101
nentries=0 etime=0 notes=P pr_idx=0
[12/Aug/2016:07:37:15 +0200] conn=44538 op=7 SRCH
base="cn=sudo,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(objectClass=ipasudorule)(ipaEnabledFlag=TRUE)(|(!(memberHost=*))(hostCategory=ALL)(memberHost=fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de)(memberHost=cn=worker_nodes,cn=hostgroups,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de))(entryusn>=1))"
attrs="objectClass cn ipaUniqueID ipaEnabledFlag ipaSudoOpt ipaSudoRunAs
ipaSudoRunAsGroup memberAllowCmd memberDenyCmd memberHost memberUser
sudoNotAfter sudoNotBefore sudoOrder cmdCategory hostCategory
userCategory ipaSudoRunAsUserCategory ipaSudoRunAsGroupCategory
ipaSudoRunAsExtUser ipaSudoRunAsExtGroup ipaSudoRunAsExtUserGroup entryusn"
[12/Aug/2016:07:37:15 +0200] conn=44538 op=7 RESULT err=0 tag=101
nentries=0 etime=0 notes=P pr_idx=0
[12/Aug/2016:07:37:15 +0200] conn=44422 op=26 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(uidNumber=51437)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[12/Aug/2016:07:37:15 +0200] conn=44422 op=26 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:15 +0200] conn=44422 op=27 SRCH base="cn=Default
Trust View,cn=views,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=2
filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:pleiades.uni-wuppertal.de:93718aaa-2951-11e5-9bdf-00163e040d17))"
attrs=ALL
[12/Aug/2016:07:37:15 +0200] conn=44422 op=27 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:15 +0200] conn=44539 op=2 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(krbPrincipalName=*/ipa2.pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de)"
attrs=ALL
[12/Aug/2016:07:37:15 +0200] conn=44539 op=2 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:15 +0200] conn=44539 op=3 MOD
dn="cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:37:15 +0200] conn=44539 op=4 MOD
dn="cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:37:15 +0200] conn=44539 op=3 RESULT err=16 tag=103
nentries=0 etime=0 csn=57ad81f0000200040000
[12/Aug/2016:07:37:15 +0200] conn=44539 op=4 RESULT err=16 tag=103
nentries=0 etime=0 csn=57ad81f0000300040000
[12/Aug/2016:07:37:15 +0200] conn=44539 op=5 MOD
dn="cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:37:15 +0200] conn=44539 op=6 SRCH
base="cn=ipa2.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=2 filter="(objectClass=*)" attrs=ALL
[12/Aug/2016:07:37:15 +0200] conn=44539 op=6 RESULT err=0 tag=101
nentries=7 etime=0 notes=U
[12/Aug/2016:07:37:15 +0200] conn=44539 op=5 RESULT err=16 tag=103
nentries=0 etime=0 csn=57ad81f0000400040000
[12/Aug/2016:07:37:15 +0200] conn=44539 op=7 SRCH base="cn=schema"
scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses"
[12/Aug/2016:07:37:15 +0200] conn=44539 op=7 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44442 op=14 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:16 +0200] conn=44442 op=14 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44442 op=15 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:16 +0200] conn=44442 op=15 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44442 op=16 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:16 +0200] conn=44442 op=16 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44539 op=8 DEL
dn="cn=ipa2.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:37:16 +0200] conn=44539 op=8 RESULT err=66 tag=107
nentries=0 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44539 op=9 SRCH
base="cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de" scope=0
filter="(objectClass=*)" attrs="aci"
[12/Aug/2016:07:37:16 +0200] conn=44539 op=9 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44539 op=10 SRCH
base="cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="aci"
[12/Aug/2016:07:37:16 +0200] conn=44539 op=10 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44539 op=11 SRCH
base="cn=certificates,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="aci"
[12/Aug/2016:07:37:16 +0200] conn=44539 op=11 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44539 op=12 SRCH
base="cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(dnaHostname=ipa2.pleiades.uni-wuppertal.de)" attrs=ALL
[12/Aug/2016:07:37:16 +0200] conn=44539 op=12 RESULT err=0 tag=101
nentries=0 etime=0 notes=U
[12/Aug/2016:07:37:16 +0200] conn=44539 op=13 SRCH
base="cn=default,ou=profile,dc=pleiades,dc=uni-wuppertal,dc=de" scope=0
filter="(objectClass=*)" attrs=ALL
[12/Aug/2016:07:37:16 +0200] conn=44539 op=13 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44539 op=14 UNBIND
[12/Aug/2016:07:37:16 +0200] conn=44539 op=14 fd=216 closed - U1

[...]

[12/Aug/2016:07:37:22 +0200] conn=44405 op=30 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:22 +0200] conn=44405 op=30 RESULT err=0 tag=101
nentries=0 etime=0

Using a LDAP Browser we saw that there is a "full" (at least it has
entries like CA etc.) entry:

cn=ipa2.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de

Would it be safe to delete that to get rid of the problem?

Thanks for your help!!!! Really appreciate that.

  Torsten


-- 
Dr. Torsten Harenberg     harenb...@physik.uni-wuppertal.de
Bergische Universitaet
Fakult├Ąt 4 - Physik       Tel.: +49 (0)202 439-3521
Gaussstr. 20              Fax : +49 (0)202 439-2811
42097 Wuppertal

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to