[Freeipa-users] issue with group's objectclass attributes

Thu, 31 Mar 2022 22:02:20 -0700 

Hi List,

Here is what happened in a timely order.


the group "it" was created a long time ago without "groupOfUniqueNames"
 objectclass.


I did following to add "groupOfUniqueNames" objectclass:

[root@ipa0 ~]# ipa group-show it --all | grep object

  objectclass: top, groupofnames, nestedgroup, ipausergroup,
ipaobject, posixgroup, ipantgroupattrs

[root@ipa0 ~]#

[root@ipa0 ~]# ipa group-mod it --addattr=objectclass=groupOfUniqueNames

-------------------

Modified group "it"

-------------------

  Group name: it

  Description: IT Team

  GID: 1889600264

  Member users: john, rosy, ben, dan, rob,

  Member of groups: observium

  Member of Sudo rule: itsysadmins

  Member of HBAC rule: allow_it_systems, itadmin_systems, allow_it_sre_systems

[root@ipa0 ~]#

[root@ipa0 ~]# ipa group-show it --all | grep object

  objectclass: top, groupofnames, nestedgroup, ipausergroup,
ipaobject, posixgroup, ipantgroupattrs, groupOfUniqueNames

[root@ipa0 ~]#


After this, I could not create a group (both GUI and cli) with same error
message:

[root@ipa0 ~]# ipa group-add testgroup

ipa: ERROR: missing attribute "ipaNTSecurityIdentifier" required by object
class "ipaNTGroupAttrs"

[root@ipa0 ~]#


In the log:


[31/Mar/2022:10:18:57.626480360 -0700] - ERR - oc_check_required - Entry
"cn=testgroup,cn=groups,cn=accounts,dc=example,dc=com" missing attribute
"ipaNTSecurityIdentifier" required by object class "ipaNTGroupAttrs"

When checked via GUI - IPA Servers / Configuration, the group attribute
ipaNTGroupAttrs is there.

Any idea what went wrong and how to fix it?

Many thanks.

Kathy.

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to