I've reported a bug against SSSD and Lukas has pointed to a number of
FreeIPA errors in our logs.
I've can't find any information on how I might fix these errors or what I
might do to mitigate them. Any pointers appreciated:

First error:

[sssd[be[unixdev.domain.org.au]]] [ipa_sudo_fetch_rules_done] (0x0040):
Received 1 sudo rules

[sssd[be[unixdev.domain.org.au]]] [sysdb_mod_group_member] (0x0080):
ldb_modify failed: [No such attribute](16)[attribute 'member': no matching
attribute value while deleting attribute on 'name=

[sssd[be[unixdev.domain.org.au]]] [sysdb_error_to_errno] (0x0020): LDB
returned unexpected error: [No such attribute]

[sssd[be[unixdev.domain.org.au]]] [sysdb_update_members_ex] (0x0020): Could
not remove member [simpsonlach...@domain.org.au] from group [name=

Second error is long list of errors that look like

[sssd[be]] [get_ipa_groupname] (0x0020): Expected cn in second component,
got OU

[sssd[be]] [get_ipa_groupname] (0x0020): Expected groups second component,
got Users

I don't know enough about AD to speak meaningfully to these, but a quick
google shows that a group can have cn=Users as it's second component ( see
here for example
https://technet.microsoft.com/en-us/library/dn579255%28v=ws.11%29.aspx )

Is there an LDAP query that I need to define or add to the IPA server?


The most dangerous phrase in the language is, "We've always done it this

- Grace Hopper
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to