[Freeipa-users] adding group fails with "Type or value exists"

Qing Chang qchang at sri.utoronto.ca
Fri Nov 16 15:26:11 UTC 2012 

On 16/11/2012 3:25 AM, Martin Kosek wrote:
> On 11/16/2012 12:48 AM, Qing Chang wrote:
>>
>> On 15/11/2012 6:10 PM, John Dennis wrote:
>>> On 11/15/2012 04:21 PM, Qing Chang wrote:
>>>> Adding group produces error message "Type or value exists" and fails.
>>>>
>>>> As shown below, I tried a few different group name to ensure that there
>>>> is no duplicates:
>>>>
>>>> [root at ipa1 ~]# ipa -d  group-add example  --desc="Test"
>>>>
>>>> ipa: DEBUG: Caught fault 4203 from server http://ipa1/ipa/xml: Type or value
>>>> exists:
>>>> ipa: DEBUG: Destroyed connection context.xmlclient
>>>> ipa: ERROR: Type or value exists:
>>>>
>>>> Saw in a thread in March, it did not appear there was a resolution.
>>>
>>> Hello Qing:
>>>
>>> What version of ipa are you using? Which distribution (e.g. F17, RHEL 6.3)?
>>>
>>>
>>
>> ipa-admintools.x86_64              2.2.0-16.el6 @rhel-x86_64-server-6
>> ipa-client.x86_64                  2.2.0-16.el6 @rhel-x86_64-server-6
>> ipa-pki-ca-theme.noarch            9.0.3-7.el6 @rhel-x86_64-server-6
>> ipa-pki-common-theme.noarch        9.0.3-7.el6 @rhel-x86_64-server-6
>> ipa-python.x86_64                  2.2.0-16.el6 @rhel-x86_64-server-6
>> ipa-server.x86_64 2.2.0-16.el6            @rhel-x86_64-server-6
>> ipa-server-selinux.x86_64          2.2.0-16.el6 @rhel-x86_64-server-6
>> libipa_hbac.x86_64                 1.8.0-32.el6 @rhel-x86_64-server-6
>> libipa_hbac-python.x86_64          1.8.0-32.el6 @rhel-x86_64-server-6
>> python-iniparse.noarch             0.3.1-2.1.el6
>> @anaconda-RedHatEnterpriseLinux-201111171049.x86_64/6.2
>>
>> Red Hat Enterprise Linux Server release 6.3 (Santiago)
>>
>> Thanks,
>> Qing
>>
>
> Hello Quing,
>
> did you by any chance modified the list of default group objectclasses? I managed to reproduce the 
> same error with adding "posixgroup" to the list:
>
> # ipa config-mod --groupobjectclasses="top,groupofnames,nestedgroup,ipausergroup,ipaobject,posixgroup"
> ...
>   Default group objectclasses: top, groupofnames, nestedgroup, ipausergroup, ipaobject, posixgroup
> ...
>
> # ipa group-add foo --desc foo
> ipa: ERROR: Type or value exists:
>
> posixgroup should not be in the list as it is later added in group-add command when the group is 
> non-posix. In my case, remedy was simple:
>
> # ipa config-mod --groupobjectclasses="top,groupofnames,nestedgroup,ipausergroup,ipaobject"
> # ipa group-add foo --desc foo
> -----------------
> Added group "foo"
> -----------------
>   Group name: foo
>   Description: foo
>   GID: 674400007
>
> Martin
Brilliant observation, I do have posixgroup added thinking that's necessary
to ensure posix  group is created...

Removed and works.

Many thanks,
Qing

More information about the Freeipa-users mailing list