[Freeipa-users] missing member in group
Jakub Hrozek
jhrozek at redhat.com
Mon Feb 18 09:13:54 UTC 2013
On Mon, Feb 18, 2013 at 12:16:33AM -0500, Dmitri Pal wrote:
> On 02/17/2013 03:55 PM, Jan-Frode Myklebust wrote:
> > On Sun, Feb 17, 2013 at 09:48:10PM +0100, Jan-Frode Myklebust wrote:
> >> (Sun Feb 17 21:40:07 2013) [sssd[be[IPALDAP]]] [sdap_fill_memberships] (7): member #2 (uid=emilb,cn=users,cn=accounts,dc=example,dc=net): not found!
> >>
> > <snip>
> >
> >> This user was migrated saturday, using:
> >>
> >> ipa migrate-ds --user-ignore-objectclass=ldapPublic Key --user-ignore-attribute=sshPublicKey --user-container=ou=People --group-cont ou=Groups ldap://sim1.example.net:389 --with-compat
> >>
> >> I don't know what --with-compat does, but it migrate-ds seemed to require it
> >> this time. Earlier migrations hasn't needed it..
> >>
> > I see now that all the users I migrated saturday are logged as "not
> > found!". Maybe they need to log in and get fully migrated before they
> > show up in the groups? (We're running IPA in migration mode).
> >
> >
> > -jf
> Please do the ldap search of the user and post it here.
> I bet some attribute or object class is missing.
> But SSSD should see users that are just migrated.
> Did you use migrate-ds or loaded LDIF manually?
Are only the users you migrated not showing up?
Does getent passwd emilb work?
Given that you explicitly configured cache_credentials=false can you log
in (to verify SSSD is able to correctly connect to the remote server) ?
More information about the Freeipa-users
mailing list