[Freeipa-users] Consumer failed to replay change Operations error (1)

2021-06-16 Thread Alfred Victor via FreeIPA-users
Hi FreeIPA, We have some replication messages in our slapd errors log which look very like the ones discussed here: https://bugzilla.redhat.com/show_bug.cgi?id=1574602 I took a look and we do have the MemberOf plugin, but our version of 389-ds is newer: *389-ds-base-1.3.10.2-10.el7_9.x86_64*

[Freeipa-users] Re: Join command 500 errors, timeouts

2021-06-15 Thread Alfred Victor via FreeIPA-users
> > >> > > > > > >> > > > > [Mon Jun 07 13:24:02.178092 2021] [:error] > [pid > >> > > 25725] ipa: > >> > > > INFO: [xmlserver] mach_j...@redacted.com: > >

[Freeipa-users] Re: Join command 500 errors, timeouts

2021-06-15 Thread Alfred Victor via FreeIPA-users
data = read_input(environ) > > > > > [Mon Jun 07 13:25:07.103548 2021] [:error] [pid > > > 25725] File > > > > > > "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", > >

[Freeipa-users] Re: Join command 500 errors, timeouts

2021-06-10 Thread Alfred Victor via FreeIPA-users
INFO: [xmlserver] mach_j...@redacted.com: None: > InternalError > > > > [Mon Jun 07 13:25:07.149962 2021] [:error] [pid > > 25726] ipa: > > > ERROR: non-public: IOError: request data read error > > > > [Mon Jun 07

[Freeipa-users] Re: Join command 500 errors, timeouts

2021-06-10 Thread Alfred Victor via FreeIPA-users
rror] [pid 25725] ipa: >> > INFO: [xmlserver] mach_j...@redacted.com: None: InternalError >> > > [Mon Jun 07 13:25:07.149962 2021] [:error] [pid 25726] ipa: >> > ERROR: non-public: IOError: request data read error >> > > [Mon Jun 07 13:25:07.149984 20

[Freeipa-users] Re: Join command 500 errors, timeouts

2021-06-09 Thread Alfred Victor via FreeIPA-users
[Mon Jun 07 13:25:07.149991 2021] [:error] [pid 25726] File > > "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 360, > > in wsgi_execute > > > [Mon Jun 07 13:25:07.149997 2021] [:error] [pid 25726] > > data = read_input(environ) > >

[Freeipa-users] Re: Join command 500 errors, timeouts

2021-06-08 Thread Alfred Victor via FreeIPA-users
:25:07.150008 2021] [:error] [pid 25726] return > environ['wsgi.input'].read(length).decode('utf-8') > > [Mon Jun 07 13:25:07.150013 2021] [:error] [pid 25726] IOError: > request data read error > > > > > > > > After setting the timeout to 600 and

[Freeipa-users] Re: Join command 500 errors, timeouts

2021-06-07 Thread Alfred Victor via FreeIPA-users
:25:07.150013 2021] [:error] [pid 25726] IOError: request data > read error > > After setting the timeout to 600 and rebooting the remaining 139 nodes > from the initial set of 250, 83 joined of the 139 and we still had ISE > occurring. In some cases, it would ISE on the first attem

[Freeipa-users] Re: Join command 500 errors, timeouts

2021-06-07 Thread Alfred Victor via FreeIPA-users
rst attempt, try another IPA system, and succeed. I'm not sure that even such a long timeout as 600 has helped. Alfred On Thu, Jun 3, 2021 at 7:51 PM Rob Crittenden wrote: > Alfred Victor via FreeIPA-users wrote: > > Hi FreeIPA list, > > > > We are having an issue with our IPA

[Freeipa-users] Join command 500 errors, timeouts

2021-06-03 Thread Alfred Victor via FreeIPA-users
Hi FreeIPA list, We are having an issue with our IPA environment of 4 replicated FreeIPA systems serving linux compute clients which join from a command in rc.local after boot. This worked in the past, but the system has been rebuilt since and the join command changed slightly. Unfortunately

[Freeipa-users] Re: UPN group name@domain in id output

2021-03-24 Thread Alfred Victor via FreeIPA-users
innocent than effectively changing the entire linux user/group system (for instance, matches in sshd_config no longer work). Thanks Roger On Wed, Mar 24, 2021 at 2:06 AM Florence Blanc-Renaud wrote: > On 3/23/21 7:57 PM, Alfred Victor via FreeIPA-users wrote: > > I should clarify that I

[Freeipa-users] Re: UPN group name@domain in id output

2021-03-23 Thread Alfred Victor via FreeIPA-users
related? Roger > > > > > > *Domain resolution order: domain.com <http://domain.com>* > > > > > On Tue, Mar 23, 2021 at 2:22 AM Florence Blanc-Renaud > wrote: > >> On 3/22/21 9:26 PM, Alfred Victor via FreeIPA-users wrote: >> > Hi Rob, >

[Freeipa-users] Re: UPN group name@domain in id output

2021-03-23 Thread Alfred Victor via FreeIPA-users
. Could this somehow be related? Roger *Domain resolution order: domain.com <http://domain.com>* On Tue, Mar 23, 2021 at 2:22 AM Florence Blanc-Renaud wrote: > On 3/22/21 9:26 PM, Alfred Victor via FreeIPA-users wrote: > > Hi Rob, > > > > This is on a newly

[Freeipa-users] Re: UPN group name@domain in id output

2021-03-22 Thread Alfred Victor via FreeIPA-users
of the machine). I did notice the following enabled in IPA server->configuration: MS-PAC But I'm not sure if this has anything to do with the behavior. Roger On Mon, Mar 22, 2021 at 2:48 PM Rob Crittenden wrote: > Alfred Victor via FreeIPA-users wrote: > > Hi FreeIPA, > > > > It

[Freeipa-users] UPN group name@domain in id output

2021-03-22 Thread Alfred Victor via FreeIPA-users
Hi FreeIPA, It seems like something has changed but I can't figure out quite what and a colleague is out sick. When I perform id lookup on a user, everything shows as usern...@domain.com format. Can anyone please advise what causes this (backend setting, setup command?) [test@testingipa ~]# id

[Freeipa-users] Re: Modify user password by accepting hash as input

2021-02-04 Thread Alfred Victor via FreeIPA-users
ir hash values)? > > Andy > > On Thu, Feb 4, 2021 at 12:38 PM Rob Crittenden > wrote: > >> Alfred Victor via FreeIPA-users wrote: >> > Hi Rob and IPA list - >> > >> > The alternative is if it is possible to use the sssd method similar to >>

[Freeipa-users] Re: Modify user password by accepting hash as input

2021-02-04 Thread Alfred Victor via FreeIPA-users
lready can do this if it can do a migrate-ds and create users (and their hash values)? Andy On Thu, Feb 4, 2021 at 12:38 PM Rob Crittenden wrote: > Alfred Victor via FreeIPA-users wrote: > > Hi Rob and IPA list - > > > > The alternative is if it is possible to use the sssd met

[Freeipa-users] Re: Modify user password by accepting hash as input

2021-02-04 Thread Alfred Victor via FreeIPA-users
ble switching at some future date, given that we know we've had no > issues with each subset x of all systems y with t duration of production > utilization. > > Andy > > On Wed, Feb 3, 2021 at 2:08 PM Rob Crittenden wrote: > >> Alfred Victor via FreeIPA-users wro

[Freeipa-users] Re: Modify user password by accepting hash as input

2021-02-03 Thread Alfred Victor via FreeIPA-users
to be comfortable switching at some future date, given that we know we've had no issues with each subset x of all systems y with t duration of production utilization. Andy On Wed, Feb 3, 2021 at 2:08 PM Rob Crittenden wrote: > Alfred Victor via FreeIPA-users wrote: > > Hi all, > > >

[Freeipa-users] Modify user password by accepting hash as input

2021-02-03 Thread Alfred Victor via FreeIPA-users
Hi all, We have a need to set the password hash value directly, is this possible? It does not appear that ipa user-mod will support this, and using the API or other methods looks like it will be fraught with access control complications. Andy

[Freeipa-users] Re: ipa migrate-ds not updating group memberships

2020-10-06 Thread Alfred Victor via FreeIPA-users
n Tue, Oct 6, 2020 at 12:42 PM Rob Crittenden > <mailto:rcrit...@redhat.com>> wrote: > > > > Alfred Victor via FreeIPA-users wrote: > > > Hi FreeIPA, > > > > > > Maybe I've misunderstood how migrate-ds should work, worth > menti

[Freeipa-users] ipa migrate-ds not updating group memberships

2020-10-06 Thread Alfred Victor via FreeIPA-users
Hi FreeIPA, Maybe I've misunderstood how migrate-ds should work, worth mentioning the source directory is RFC2307 - if ipa migrate-ds migrates a user, then later that user is added more groups and the same migrate-ds command is run again, should it not add the user into the corresponding groups

[Freeipa-users] Re: Users won't migrate despite filters?

2020-07-23 Thread Alfred Victor via FreeIPA-users
DAP as >> > the directory source. Is there something I can do to import the users >> > successfully? >> > >> > https://access.redhat.com/solutions/3245371 >> >> That article states that dropping the --user-ignore-objectclass line >> resolved the issue. >>

[Freeipa-users] Re: Users won't migrate despite filters?

2020-07-23 Thread Alfred Victor via FreeIPA-users
> That article states that dropping the --user-ignore-objectclass line > resolved the issue. > > rob > > > > > Regards, > > > > Alfred > > > > On Thu, Jul 23, 2020 at 12:11 PM Rob Crittenden > <mailto:rcrit...@redhat.com>> wrote: >

[Freeipa-users] Re: Users won't migrate despite filters?

2020-07-23 Thread Alfred Victor via FreeIPA-users
below, though appears this does not extend to OpenLDAP as the directory source. Is there something I can do to import the users successfully? https://access.redhat.com/solutions/3245371 Regards, Alfred On Thu, Jul 23, 2020 at 12:11 PM Rob Crittenden wrote: > Alfred Victor via FreeIPA-us

[Freeipa-users] Users won't migrate despite filters?

2020-07-23 Thread Alfred Victor via FreeIPA-users
Hi all, We're performing some migrate-ds and noticed some missing users. We took a closer look and the errors are: : attribute "givenName" not allowed : attribute "givenName" not allowed : attribute "departmentNumber" not allowed : attribute "departmentNumber" not allowed : attribute

[Freeipa-users] Logging of ipa migrate-ds

2020-07-08 Thread Alfred Victor via FreeIPA-users
Hi FreeIPA, We are testing an IPA deployment and regularly using expect to perform ipa migrate-ds commands to keep the IPA environment refreshed. However, I cannot seem to get any log trail of the migrates...it is proving difficult in expect to capture/log the output, and there appears to be no

[Freeipa-users] Re: Secondary groups intermittently missing from id/groups lookups

2020-06-18 Thread Alfred Victor via FreeIPA-users
rs, accounts, redacted.com > > > > dn: uid=ipatest,cn=users,cn=accounts,dc=redacted,dc=com > > > > uid: ipatest# search result# numResponses: 2 > > > > # numEntries: 1 > > > > > > > > > > > > > > >

[Freeipa-users] Re: Secondary groups intermittently missing from id/groups lookups

2020-06-18 Thread Alfred Victor via FreeIPA-users
rote: > > > > > Hi Sumit, > > > > > > I have run those commands and both show the same amount of memberOf > > > attributes. At first, with a nested group there were 143 so for a test > with > > > fewer groups, I removed the nested group b

[Freeipa-users] Re: Secondary groups intermittently missing from id/groups lookups

2020-06-18 Thread Alfred Victor via FreeIPA-users
roup but the result is the same. With > 20 groups, and sssd cache destructively cleared and sssd restarted, the > groups reach the ipa command and the ldapsearch fine but not id/groups > commands. > > Alfred > > On Wed, Jun 17, 2020 at 1:39 AM Sumit Bose wrote: > >> On Tue

[Freeipa-users] Re: Secondary groups intermittently missing from id/groups lookups

2020-06-17 Thread Alfred Victor via FreeIPA-users
, the groups reach the ipa command and the ldapsearch fine but not id/groups commands. Alfred On Wed, Jun 17, 2020 at 1:39 AM Sumit Bose wrote: > On Tue, Jun 16, 2020 at 05:12:09PM -0500, Alfred Victor via FreeIPA-users > wrote: > > I should note the problem exists on latest CentOS7 w

[Freeipa-users] Re: Secondary groups intermittently missing from id/groups lookups

2020-06-16 Thread Alfred Victor via FreeIPA-users
I should note the problem exists on latest CentOS7 with fully up to date rpms on both client/server. Alfred On Tue, Jun 16, 2020 at 3:02 PM Alfred Victor wrote: > Hi all, > > We have built a FreeIPA system and used ipa migrate-ds to migrate and are > testing the environment however we have a

[Freeipa-users] Secondary groups intermittently missing from id/groups lookups

2020-06-16 Thread Alfred Victor via FreeIPA-users
Hi all, We have built a FreeIPA system and used ipa migrate-ds to migrate and are testing the environment however we have a stubbornly persistent issue with gid array from posix commands or when dealing with filesystem ownerships. When I create a user in IPA, then add some groups, the issue is