[Freeipa-users] Duplicate objects after 4.1 ipa-server upgrade

Mon Nov 2 23:05:59 UTC 2015

After upgrading to 4.1 I have duplicated permission objects in my directory with names including nsuniqueid.  Is it safe to delete all of these objects?  Somehow this is only causing an issue for a specific user hitting a specific HBAC policy. 

(Mon Nov  2 14:29:23 2015) [sssd[be[blue-shift.com]]] [hbac_eval_user_element] (0x0080): Parse error on [cn=Read PassSync Managers Configuration+nsuniqueid=4ae3220f-4d2b11e5-a06ffcc2-215714a9 …………..
(Mon Nov  2 14:29:23 2015) [sssd[be[blue-shift.com]]] [hbac_ctx_to_rules] (0x0020): Could not construct eval request
(Mon Nov  2 14:29:23 2015) [sssd[be[blue-shift.com]]] [ipa_hbac_evaluate_rules] (0x0020): Could not construct HBAC rules

This is causing authentication to fail for the user in question, and I would like to get rid of these useless objects if they are no longer necessary.  