[Freeipa-users] FreeIPA and Samba4

Troels Hansen th at casalogic.dk
Tue Nov 3 12:09:53 UTC 2015 

Hi again, so I finally got time to look further into this.

This task works:

dn: cn=$TIME-$FQDN-$LIBARCH,cn=ipa-sidgen-task,cn=tasks,cn=config
add:objectclass:top,extensibleObject
add:cn:$TIME-$FQDN-$LIBARCH
add:nsslapd-basedn:"$SUFFIX"
add:delay:0
add:ttl:3600

However, the task gets generated, but no output can be pulled from the task:

ldapsearch -D "cn=Directory Manager" -W -b 'cn=1446551851-kenai.casalogic.lan-64,cn=ipa-sidgen-task,cn=tasks,cn=config'
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <cn=1446551851-kenai.casalogic.lan-64,cn=ipa-sidgen-task,cn=tasks,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# 1446551851-kenai.casalogic.lan-64, ipa-sidgen-task, tasks, config
dn: cn=1446551851-kenai.casalogic.lan-64,cn=ipa-sidgen-task,cn=tasks,cn=config
objectClass: top
objectClass: extensibleObject
nsslapd-basedn: dc=casalogic,dc=lan
delay: 0
cn: 1446551851-kenai.casalogic.lan-64
ttl: 3600
nstaskcurrentitem: 1
nstasktotalitems: 1
nstaskexitcode: 32

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 

Only a exitcode 32
The nstaskcurrentitem and nstasktotalitems remains the same till the task disappeares.
Any way do debug these taske further to find out which user it stops at, as it looks like it detects an error at one user and stops the task?

----- On Oct 30, 2015, at 3:19 PM, Alexander Bokovoy abokovoy at redhat.com wrote:

> On Fri, 30 Oct 2015, Troels Hansen wrote:
>>
>>
>>
>>> I think it should be
>>> add:nsslapd-basedn: cn=accounts,$SUFFIX
>>> not
>>> add:basedn:"cn=accounts,$SUFFIX"
>>>
>>> this is what sidgen task expects and it returns constraint violation
>>> error if parameters are wrong:
>>>
>>>    str = fetch_attr(e, "nsslapd-basedn", NULL);
>>>    if (str == NULL) {
>>>        LOG_FATAL("Missing nsslapd-basedn!\n");
>>>        *returncode = LDAP_CONSTRAINT_VIOLATION;
>>>        ret = SLAPI_DSE_CALLBACK_ERROR;
>>>        goto done;
>>>    }
>>>
>>
>>I think you are right.
>>Don't know what I have tested, but it brings me a different error, that I didn't
>>see before:
>>
>>ipa.ipapython.ipaldap.IPAdmin: DEBUG: Unhandled LDAPError: OPERATIONS_ERROR:
>>{'desc': 'Operations error'}
>>ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR: Add failure Operations
>>error:
>>ipa.ipaserver.install.ipa_ldap_updater.LDAPUpdater_NonUpgrade: INFO: The
>>ipa-ldap-updater command was successful
>>
>>Where did you find the source for the sidgen task? I could try  looking at at it
>>myself, but can't find it.
> You can check it here:
> https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen_task.c#n221
> 
> --
> / Alexander Bokovoy

-- 
Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 


T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.

More information about the Freeipa-users mailing list