On (17/01/17 11:38), Sumit Bose wrote: >On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote: >> It seems something got corrupted in my ipa setup. I found this in the >> sssd log file on Wheezy: >> >> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing >> source hosts for rule [allow_all] >> (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on >> [cn=System: Manage Host >> Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de] > >Looks like there was a replication conflict, please see >https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html >how to resolve it. > >We already have a ticket for SSSD to ignore those object, but >unfortunately there is currently no patch available for SSSD so you have >to resolve the replication conflict to get it working again. > HBAC replication conflicts are already ignored in sssd. But debian wheezy (oldstable) has very old version of sssd 1.8.4-2. I would recommend to use at least 1.11.7-3 from jessie (debian stable)
LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
