On (17/01/17 11:38), Sumit Bose wrote:
>On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
>> It seems something got corrupted in my ipa setup. I found this in the
>> sssd log file on Wheezy:
>> 
>> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing 
>> source hosts for rule [allow_all]
>> (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on 
>> [cn=System: Manage Host 
>> Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de]
>
>Looks like there was a replication conflict, please see
>https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>how to resolve it.
>
>We already have a ticket for SSSD to ignore those object, but
>unfortunately there is currently no patch available for SSSD so you have
>to resolve the replication conflict to get it working again.
>
HBAC replication conflicts are already ignored in sssd.
But debian wheezy (oldstable) has very old version of sssd 1.8.4-2.
I would recommend to use at least 1.11.7-3 from jessie (debian stable)

LS

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to