[Freeipa-users] adding group fails with "Type or value exists"

Martin Kosek mkosek at redhat.com
Fri Nov 16 08:25:06 UTC 2012 

On 11/16/2012 12:48 AM, Qing Chang wrote:
>
> On 15/11/2012 6:10 PM, John Dennis wrote:
>> On 11/15/2012 04:21 PM, Qing Chang wrote:
>>> Adding group produces error message "Type or value exists" and fails.
>>>
>>> As shown below, I tried a few different group name to ensure that there
>>> is no duplicates:
>>>
>>> [root at ipa1 ~]# ipa -d  group-add example  --desc="Test"
>>>
>>> ipa: DEBUG: Caught fault 4203 from server http://ipa1/ipa/xml: Type or value
>>> exists:
>>> ipa: DEBUG: Destroyed connection context.xmlclient
>>> ipa: ERROR: Type or value exists:
>>>
>>> Saw in a thread in March, it did not appear there was a resolution.
>>
>> Hello Qing:
>>
>> What version of ipa are you using? Which distribution (e.g. F17, RHEL 6.3)?
>>
>>
>
> ipa-admintools.x86_64              2.2.0-16.el6 @rhel-x86_64-server-6
> ipa-client.x86_64                  2.2.0-16.el6 @rhel-x86_64-server-6
> ipa-pki-ca-theme.noarch            9.0.3-7.el6 @rhel-x86_64-server-6
> ipa-pki-common-theme.noarch        9.0.3-7.el6 @rhel-x86_64-server-6
> ipa-python.x86_64                  2.2.0-16.el6 @rhel-x86_64-server-6
> ipa-server.x86_64 2.2.0-16.el6            @rhel-x86_64-server-6
> ipa-server-selinux.x86_64          2.2.0-16.el6 @rhel-x86_64-server-6
> libipa_hbac.x86_64                 1.8.0-32.el6 @rhel-x86_64-server-6
> libipa_hbac-python.x86_64          1.8.0-32.el6 @rhel-x86_64-server-6
> python-iniparse.noarch             0.3.1-2.1.el6
> @anaconda-RedHatEnterpriseLinux-201111171049.x86_64/6.2
>
> Red Hat Enterprise Linux Server release 6.3 (Santiago)
>
> Thanks,
> Qing
>

Hello Quing,

did you by any chance modified the list of default group objectclasses? I 
managed to reproduce the same error with adding "posixgroup" to the list:

# ipa config-mod 
--groupobjectclasses="top,groupofnames,nestedgroup,ipausergroup,ipaobject,posixgroup"
...
   Default group objectclasses: top, groupofnames, nestedgroup, ipausergroup, 
ipaobject, posixgroup
...

# ipa group-add foo --desc foo
ipa: ERROR: Type or value exists:

posixgroup should not be in the list as it is later added in group-add command 
when the group is non-posix. In my case, remedy was simple:

# ipa config-mod 
--groupobjectclasses="top,groupofnames,nestedgroup,ipausergroup,ipaobject"
# ipa group-add foo --desc foo
-----------------
Added group "foo"
-----------------
   Group name: foo
   Description: foo
   GID: 674400007

Martin

More information about the Freeipa-users mailing list