Re: [Freeipa-users] IPA Replica cannot add user [SOLVED]
On 02/14/2014 01:49 PM, Martin Kosek wrote:
Ok, this part seems ok then. I would then focus directly on DNA operation
itself.
DNA plugin says:
[13/Feb/2014:15:32:02 -0200] dna-plugin - dna_request_range: Error sending
range extension extended operation request to server ipa01.example.com:389
[error 53]
[13/Feb/2014:15:32:02 -0200] dna-plugin - dna_pre_op: no more values
available!!
Error 53 should be Unwilling to perform. Are there any errors on master dirsrv
errors log?
Is any free number available on the master server?
[master] $ ldapsearch -h `hostname` -D cn=Directory Manager -x -W -b
'cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config'
dnaNextValue dnaMaxValue
Martin
On 02/14/2014 12:36 PM, Bruno Henrique Barbosa wrote:
Hi Martin, thanks for the help.
Yes, I already did that test. Created a user on ipa01 (master), then he
appeared on ipa02 (replica), in the replica, I modified his email address,
it appeared back on master. Still, I cannot create a brand new user (or
POSIX group) on ipa02.
[root@ipa01 ~]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
[root@ipa02 ~]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
Interesting on replica's /var/log/krb5kdc.log:
[root@ipa02 ~]# cat /var/log/krb5kdc.log | grep Feb 13 15:31
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): setting up network...
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): listening on fd 6: udp 0.0.0.0.88
(pktinfo)
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): skipping unrecognized local
address family 17
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): skipping unrecognized local
address family 17
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): listening on fd 8: tcp 0.0.0.0.88
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): listening on fd 7: tcp ::.88
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): set up 3 sockets
Feb 13 15:31:13 ipa02 krb5kdc[1525](info): creating 4 worker processes
Feb 13 15:31:13 ipa02 krb5kdc[1525](info): closing down fd 7
Feb 13 15:31:13 ipa02 krb5kdc[1525](info): closing down fd 8
Feb 13 15:31:13 ipa02 krb5kdc[1525](info): closing down fd 6
Feb 13 15:31:13 ipa02 krb5kdc[1535](info): commencing operation
Feb 13 15:31:13 ipa02 krb5kdc[1533](info): commencing operation
Feb 13 15:31:13 ipa02 krb5kdc[1536](info): commencing operation
Feb 13 15:31:13 ipa02 krb5kdc[1534](info): commencing operation
Feb 13 15:31:14 ipa02 krb5kdc[1534](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: NEEDED_PREAUTH: ldap/ipa02.example@example.com for
krbtgt/example@example.com, Additional pre-authentication required
Feb 13 15:31:14 ipa02 krb5kdc[1533](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392312674, etypes {rep=18 tkt=18 ses=18},
ldap/ipa02.example@example.com for krbtgt/example@example.com
Feb 13 15:31:14 ipa02 krb5kdc[1536](info): TGS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392312674, etypes {rep=18 tkt=18 ses=18},
ldap/ipa02.example@example.com for ldap/ipa01.example@example.com
Feb 13 15:31:28 ipa02 krb5kdc[1536](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: NEEDED_PREAUTH: use...@example.com for
krbtgt/example@example.com, Additional pre-authentication required
Feb 13 15:31:28 ipa02 krb5kdc[1535](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392312688, etypes {rep=18 tkt=18 ses=18},
use...@example.com for krbtgt/example@example.com
Feb 13 15:31:28 ipa02 krb5kdc[1535](info): TGS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392312688, etypes {rep=18 tkt=18 ses=18},
use...@example.com for ldap/ipa02.example@example.com
Running kinit -kt on replica, returns nothing on prompt, but populates
/var/log/krb5kdc.log with:
Feb 14 09:34:05 ipa02 krb5kdc[1536](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: NEEDED_PREAUTH: ldap/ipa02.example@example.com for
krbtgt/example@example.com, Additional pre-authentication required
Feb 14 09:34:05 ipa02 krb5kdc[1533](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392377645, etypes {rep=18 tkt=18 ses=18},
ldap/ipa02.example@example.com for krbtgt/example@example.com
DNS is OK, resolving FQDN of both master and replica forward and reverse.
Bruno Henrique Barbosa
Jr. Sys Admin
IT Department
Santos City Hall
- Mensagem original -
De: Martin Kosek mko...@redhat.com
Para: Bruno Henrique Barbosa bruno-barb...@prodesan.com.br,
freeipa-users@redhat.com
Enviadas: Sexta-feira, 14 de Fevereiro de 2014 5:51:49
Assunto: Re: [Freeipa-users] IPA Replica cannot add user
On 02/13/2014 06:55 PM, Bruno Henrique Barbosa wrote:
Hi everyone
Re: [Freeipa-users] IPA Replica cannot add user [SOLVED]
Martin Kosek wrote: On 02/14/2014 01:49 PM, Martin Kosek wrote: Bruno sent me the logs privately, let me just share the solution of this case with the list. The problem here was that master had only 1000 numbers allocated (chosen during IPA installation). Therefore, it had less than 1000 numbers free. When the replica asked for some free numbers from it, it refused to give any as it would lower it's pool of free numbers below 500 (dnaThreshold setting). Bruno was able to fix the issue with this command run on master: $ ldapmodify -h `hostname` -D cn=Directory Manager -x -W dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config changetype: modify replace: dnaMaxValue dnaMaxValue: 5000 He should also run idrange-find to see if there is an IPA range listed and adjust it to match the DNA configuration. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] IPA Replica cannot add user
Hi Martin, thanks for the help.
Yes, I already did that test. Created a user on ipa01 (master), then he
appeared on ipa02 (replica), in the replica, I modified his email address, it
appeared back on master. Still, I cannot create a brand new user (or POSIX
group) on ipa02.
[root@ipa01 ~]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
[root@ipa02 ~]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
Interesting on replica's /var/log/krb5kdc.log:
[root@ipa02 ~]# cat /var/log/krb5kdc.log | grep Feb 13 15:31
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): setting up network...
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): listening on fd 6: udp 0.0.0.0.88
(pktinfo)
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): skipping unrecognized local address
family 17
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): skipping unrecognized local address
family 17
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): listening on fd 8: tcp 0.0.0.0.88
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): listening on fd 7: tcp ::.88
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): set up 3 sockets
Feb 13 15:31:13 ipa02 krb5kdc[1525](info): creating 4 worker processes
Feb 13 15:31:13 ipa02 krb5kdc[1525](info): closing down fd 7
Feb 13 15:31:13 ipa02 krb5kdc[1525](info): closing down fd 8
Feb 13 15:31:13 ipa02 krb5kdc[1525](info): closing down fd 6
Feb 13 15:31:13 ipa02 krb5kdc[1535](info): commencing operation
Feb 13 15:31:13 ipa02 krb5kdc[1533](info): commencing operation
Feb 13 15:31:13 ipa02 krb5kdc[1536](info): commencing operation
Feb 13 15:31:13 ipa02 krb5kdc[1534](info): commencing operation
Feb 13 15:31:14 ipa02 krb5kdc[1534](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: NEEDED_PREAUTH: ldap/ipa02.example@example.com for
krbtgt/example@example.com, Additional pre-authentication required
Feb 13 15:31:14 ipa02 krb5kdc[1533](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392312674, etypes {rep=18 tkt=18 ses=18},
ldap/ipa02.example@example.com for krbtgt/example@example.com
Feb 13 15:31:14 ipa02 krb5kdc[1536](info): TGS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392312674, etypes {rep=18 tkt=18 ses=18},
ldap/ipa02.example@example.com for ldap/ipa01.example@example.com
Feb 13 15:31:28 ipa02 krb5kdc[1536](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: NEEDED_PREAUTH: use...@example.com for
krbtgt/example@example.com, Additional pre-authentication required
Feb 13 15:31:28 ipa02 krb5kdc[1535](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392312688, etypes {rep=18 tkt=18 ses=18},
use...@example.com for krbtgt/example@example.com
Feb 13 15:31:28 ipa02 krb5kdc[1535](info): TGS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392312688, etypes {rep=18 tkt=18 ses=18},
use...@example.com for ldap/ipa02.example@example.com
Running kinit -kt on replica, returns nothing on prompt, but populates
/var/log/krb5kdc.log with:
Feb 14 09:34:05 ipa02 krb5kdc[1536](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: NEEDED_PREAUTH: ldap/ipa02.example@example.com for
krbtgt/example@example.com, Additional pre-authentication required
Feb 14 09:34:05 ipa02 krb5kdc[1533](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392377645, etypes {rep=18 tkt=18 ses=18},
ldap/ipa02.example@example.com for krbtgt/example@example.com
DNS is OK, resolving FQDN of both master and replica forward and reverse.
Bruno Henrique Barbosa
Jr. Sys Admin
IT Department
Santos City Hall
- Mensagem original -
De: Martin Kosek mko...@redhat.com
Para: Bruno Henrique Barbosa bruno-barb...@prodesan.com.br,
freeipa-users@redhat.com
Enviadas: Sexta-feira, 14 de Fevereiro de 2014 5:51:49
Assunto: Re: [Freeipa-users] IPA Replica cannot add user
On 02/13/2014 06:55 PM, Bruno Henrique Barbosa wrote:
Hi everyone,
I've installed my IPA environment as it follows:
ipa01.example.com - master install
ipa02.example.com - replica install, as the guide says, with
ipa-replica-prepare on ipa01 and ipa-replica-install using gpg key generated.
All good, environment is fine, can access both UI, but the underlying problem
is: I can edit and remove users from IPA using instance ipa02 (replica), but
I CANNOT add users from that instance. In the UI, error returned is:
IPA Error 4203
Operations error: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed!
Unable to proceed.
Via command-line, debug-enabled:
root@ipa02's password:
Last login: Thu Feb 13 15:36:34 2014
[root@ipa02 ~]# kinit admin
Password for ad...@example.com:
[root@ipa02 ~]# ipa-replica-manage list
ipa01.example.com: master
ipa02.example.com: master
[root@ipa02
Re: [Freeipa-users] IPA Replica cannot add user
Ok, this part seems ok then. I would then focus directly on DNA operation
itself.
DNA plugin says:
[13/Feb/2014:15:32:02 -0200] dna-plugin - dna_request_range: Error sending
range extension extended operation request to server ipa01.example.com:389
[error 53]
[13/Feb/2014:15:32:02 -0200] dna-plugin - dna_pre_op: no more values available!!
Error 53 should be Unwilling to perform. Are there any errors on master dirsrv
errors log?
Is any free number available on the master server?
[master] $ ldapsearch -h `hostname` -D cn=Directory Manager -x -W -b
'cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config'
dnaNextValue dnaMaxValue
Martin
On 02/14/2014 12:36 PM, Bruno Henrique Barbosa wrote:
Hi Martin, thanks for the help.
Yes, I already did that test. Created a user on ipa01 (master), then he
appeared on ipa02 (replica), in the replica, I modified his email address, it
appeared back on master. Still, I cannot create a brand new user (or POSIX
group) on ipa02.
[root@ipa01 ~]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
[root@ipa02 ~]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
Interesting on replica's /var/log/krb5kdc.log:
[root@ipa02 ~]# cat /var/log/krb5kdc.log | grep Feb 13 15:31
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): setting up network...
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): listening on fd 6: udp 0.0.0.0.88
(pktinfo)
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): skipping unrecognized local
address family 17
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): skipping unrecognized local
address family 17
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): listening on fd 8: tcp 0.0.0.0.88
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): listening on fd 7: tcp ::.88
Feb 13 15:31:13 ipa02 krb5kdc[1524](info): set up 3 sockets
Feb 13 15:31:13 ipa02 krb5kdc[1525](info): creating 4 worker processes
Feb 13 15:31:13 ipa02 krb5kdc[1525](info): closing down fd 7
Feb 13 15:31:13 ipa02 krb5kdc[1525](info): closing down fd 8
Feb 13 15:31:13 ipa02 krb5kdc[1525](info): closing down fd 6
Feb 13 15:31:13 ipa02 krb5kdc[1535](info): commencing operation
Feb 13 15:31:13 ipa02 krb5kdc[1533](info): commencing operation
Feb 13 15:31:13 ipa02 krb5kdc[1536](info): commencing operation
Feb 13 15:31:13 ipa02 krb5kdc[1534](info): commencing operation
Feb 13 15:31:14 ipa02 krb5kdc[1534](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: NEEDED_PREAUTH: ldap/ipa02.example@example.com for
krbtgt/example@example.com, Additional pre-authentication required
Feb 13 15:31:14 ipa02 krb5kdc[1533](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392312674, etypes {rep=18 tkt=18 ses=18},
ldap/ipa02.example@example.com for krbtgt/example@example.com
Feb 13 15:31:14 ipa02 krb5kdc[1536](info): TGS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392312674, etypes {rep=18 tkt=18 ses=18},
ldap/ipa02.example@example.com for ldap/ipa01.example@example.com
Feb 13 15:31:28 ipa02 krb5kdc[1536](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: NEEDED_PREAUTH: use...@example.com for
krbtgt/example@example.com, Additional pre-authentication required
Feb 13 15:31:28 ipa02 krb5kdc[1535](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392312688, etypes {rep=18 tkt=18 ses=18},
use...@example.com for krbtgt/example@example.com
Feb 13 15:31:28 ipa02 krb5kdc[1535](info): TGS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392312688, etypes {rep=18 tkt=18 ses=18},
use...@example.com for ldap/ipa02.example@example.com
Running kinit -kt on replica, returns nothing on prompt, but populates
/var/log/krb5kdc.log with:
Feb 14 09:34:05 ipa02 krb5kdc[1536](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: NEEDED_PREAUTH: ldap/ipa02.example@example.com for
krbtgt/example@example.com, Additional pre-authentication required
Feb 14 09:34:05 ipa02 krb5kdc[1533](info): AS_REQ (4 etypes {18 17 16 23})
192.168.0.2: ISSUE: authtime 1392377645, etypes {rep=18 tkt=18 ses=18},
ldap/ipa02.example@example.com for krbtgt/example@example.com
DNS is OK, resolving FQDN of both master and replica forward and reverse.
Bruno Henrique Barbosa
Jr. Sys Admin
IT Department
Santos City Hall
- Mensagem original -
De: Martin Kosek mko...@redhat.com
Para: Bruno Henrique Barbosa bruno-barb...@prodesan.com.br,
freeipa-users@redhat.com
Enviadas: Sexta-feira, 14 de Fevereiro de 2014 5:51:49
Assunto: Re: [Freeipa-users] IPA Replica cannot add user
On 02/13/2014 06:55 PM, Bruno Henrique Barbosa wrote:
Hi everyone,
I've installed my IPA
Re: [Freeipa-users] IPA Replica cannot add user
On 02/13/2014 06:55 PM, Bruno Henrique Barbosa wrote: Hi everyone, I've installed my IPA environment as it follows: ipa01.example.com - master install ipa02.example.com - replica install, as the guide says, with ipa-replica-prepare on ipa01 and ipa-replica-install using gpg key generated. All good, environment is fine, can access both UI, but the underlying problem is: I can edit and remove users from IPA using instance ipa02 (replica), but I CANNOT add users from that instance. In the UI, error returned is: IPA Error 4203 Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed. Via command-line, debug-enabled: root@ipa02's password: Last login: Thu Feb 13 15:36:34 2014 [root@ipa02 ~]# kinit admin Password for ad...@example.com: [root@ipa02 ~]# ipa-replica-manage list ipa01.example.com: master ipa02.example.com: master [root@ipa02 ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: ad...@example.com Valid starting Expires Service principal 02/13/14 15:37:48 02/14/14 15:37:29 krbtgt/example@example.com 02/13/14 15:38:03 02/14/14 15:37:29 ldap/ipa02.example@example.com [root@ipa02 ~]# ipa -d user-add usertest ipa: DEBUG: importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'... ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py' ipa: DEBUG: args=klist -V ipa: DEBUG: stdout=Kerberos 5 version 1.10.3 ipa: DEBUG: stderr= ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py' ipa:
