On 10/11/16 10:44, Petr Spacek wrote:
This is non-standard situation so it asks for non-standard commands.

I would try:
$ ipa privilege-mod 'DNS Servers'
--addattr=member=krbprincipalname=DNS/rider..xx.xx..xx.x...@.xx.xx..xx.xx.x,cn=services,cn=xxcounts,dc=,dc=xx,dc=xx,dc=,dc=xx,dc=xx,dc=x'
$ ipa privilege-mod 'DNS Servers'
--addattr=member=krbprincipalname=ipa-dnskeysyncd/rider..xx.xx..xx.x...@.xx.xx..xx.xx.x,cn=services,cn=xxcounts,dc=,dc=xx,dc=xx,dc=,dc=xx,dc=xx,dc=x'

Be very careful when constructing these DNs, --addattr do not validate the 
input!

well, I realize these can be trivial trifles, but man, you saved the... week! And to finish (hopefully) - maybe even more of a puzzle: how it happened? This box member was fine, suddenly (I was recovering/reconnecting replication agreements), maybe not suddenly, but when I noticed at some point, it did that. It lost those ldap bits?

many! thanks
L.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to