I think I've narrowed it down to the "tombstone" problem.
But now I'm at a loss for what to do. The only advice I can find
involves using direct ldap code an that is way over my head. (I'd
prefer to not completely destroy my database in the process of trying
to clean out the zombies)
Is there any
On 08/08/2012 01:11 PM, Jakub Hrozek wrote:
> On Wed, Aug 08, 2012 at 10:45:47AM -0800, Erinn Looney-Triggs wrote:
>> An interesting problem has popped up and I am not sure where the issue
>> lies. Users logging in are presented with "cannot find name for user ID"
>> etc. etc. for all groups they a
On 08/08/2012 01:11 PM, Jakub Hrozek wrote:
> On Wed, Aug 08, 2012 at 10:45:47AM -0800, Erinn Looney-Triggs wrote:
>> An interesting problem has popped up and I am not sure where the issue
>> lies. Users logging in are presented with "cannot find name for user ID"
>> etc. etc. for all groups they a
Yeah, that probably wasn't very clear...
Original - IPA instance w/ DNS, and no Dogtag
Replica - IPA instance w/ DNS, and no Dogtag
On 8/8/12 3:34 PM, Rob Crittenden wrote:
Rolf Brusletto wrote:
We had a rather severe issue last night on our primary IPA server(ver
2.2.0), but the replica is
Rolf Brusletto wrote:
Yeah, that probably wasn't very clear...
Original - IPA instance w/ DNS, and no Dogtag
Replica - IPA instance w/ DNS, and no Dogtag
The devil is always in the details. For user data yes, there is no
difference between the initially installed master and any others. It is
On 08/09/2012 01:14 AM, bin.e...@gmail.com wrote:
I think I've narrowed it down to the "tombstone" problem.
What "tombstone" problem?
ls -al /etc/dirsrv/slapd-*
Also, please post a sanitized errors log from
/var/log/dirsrv/slapd-YOUR-DOMAIN/errors
But now I'm at a loss for what to do. Th
On Thu, Aug 09, 2012 at 12:52:47AM -0800, Erinn Looney-Triggs wrote:
> On 08/08/2012 01:11 PM, Jakub Hrozek wrote:
> > On Wed, Aug 08, 2012 at 10:45:47AM -0800, Erinn Looney-Triggs wrote:
> >> An interesting problem has popped up and I am not sure where the issue
> >> lies. Users logging in are pre
I've kerberized a bunch of AIX machines, and I noticed when I was
starting out that AIX allows people to connect that have expired
passwords, and does not prompt for changes.
1) does anyone know what I need to do on AIX to make this happen (I
don't hold out much hope for this.)
2) alternately, do